Disabling the iPhone 5S's fingerprint reader - any suggestions?

[deeddawg]

I simply don't believe Apple is capable of keeping my biometric data safe from actual criminals.

What do you think the actual criminals would do with the encrypted TouchID data if they should find it? I'm genuinely curious what exactly you're concerned with here? (I'm speaking as someone who has been fingerprinted a couple times for criminal background checks by the FBI)

BTW, how secure is your medical and financial data at your doctors office? Sitting in a self-store locker somewhere? http://www.insideselfstorage.com/news/2010/03/self-storage-operator-frets-over-delinquent-unit.aspx

 

[darngooddesign]

Guys. It doesn't matter if we don't think these are real concerns, the OP did and wanted us to ease his concerns.

The problem was that we don't know any more than he, and he really should be contacting some of the larger manufacturers directly about things that block the reader. As far as whether you are scanned even if you don't turn it on, only a tear down by a security firm can tell us that.

 

[cyks]

Guys. It doesn't matter if we don't think these are real concerns, the OP did and wanted us to ease his concerns.

...which many people attempted to do, but the OP would then counter with an even crazier fear or excuse.


The OP isn't concerned about NSA, the government, or even Apple. They've made it clear that their biggest fear are criminals gaining access to their fingerprints and using them to either commit crimes or to extort money.

Sorry, but that's simply not a real concern in regards to the 5S.

 

[flynnst0ne]

Given the recent revelations of Apple's relationship with the NSA, and their subsequent denial of any wrong doing, it would be extremely ignorant for anyone to dismiss the fingerprint reader as 100% "safe".

 

[LithePanther]

Given the recent revelations of Apple's relationship with the NSA, and their subsequent denial of any wrong doing, it would be extremely ignorant for anyone to dismiss the fingerprint reader as 100% "safe".

what would the government do with your fingerprint, mr. spread-the-hysteria-with-ridiculous-photos

 

[Gutwrench]

53 people have already said to put a sticker on it.

Yet not buying a device you don't trust in the first place is the most logical answer of them all. Is it any wonder why the op is ignoring these?

 

[solarguy17]

So, I'm sure I'm not the only one here who doesn't feel comfortable using the upcoming iPhone 5S's fingerprint reader. What can be done to disable it? Disabling it in the settings won't cut it as your prints will like still be stored on the phone - they just won't be used for authentication purposes.

To answer your question. A current gen Otterbox would do it or any case the covers the home button should have the same effect. Also, I would be willing to guess this will be new "security" cases to do the exact same thing, except charge a "fingerprint protection" upfee.

But in all truthfulness a criminal can't really do much with your fingerprint anyway. You don't use it to sign up for CCs, buy a house, get married, etc. Really if you want to be more worried about something, be more concerned with the front facing camera. It's already been proven any phone can be hacked to let someone see through the cameras. You should cover those too.

 

[flynnst0ne]

what would the government do with your fingerprint, mr. spread-the-hysteria-with-ridiculous-photos

The tracking capabilities in current iPhones don't mean ****, since the phone can be used by anyone.

Adding biometric capabilities to a tracking device will now tie your every move directly to you.

I know this probably sounds completely reasonable to someone like you, mr.i-believe-everything-apple-tells-me. Try to think a bit outside your box with all of the current events.

 

[SluGuru]

Yes, there is a junky knockoff product called Android. If you are truly concerned and not just a common troll, then you honestly need to disconnect your entire life. Stop using mobile phones, the internet, or do business or work for anyone who has you in any kind of database.

 

[eoblaed]

Disabling it in the settings won't cut it as your prints will like still be stored on the phone

Your prints aren't stored anywhere on the phone. A digital signature is made of your print (similar to a one-way hash: when someone uses the print sensor, a signature is made and compared with the signature stored. if they match, you get access, if they don't match, they don't). And, actually, it's the only way to be able to to do access so quickly. So, it's a bonus on both fronts: what's stored in the phone isn't your print, it's a mathematical signature that cannot be reverse engineered into your print, and it allows for faster access.

Also, even with it turned on, there's /nothing/ stored until you train it with your fingerprint. If you don't train it, it has nothing to store. The training process is very interactive and very obvious -- the way it works it cannot simply 'sneak' a signature of your print.

All that being said, there will certainly be a way to disable to whole process if you really want.

 

[BSDanalyst]

The NSA already has your fingerprints so it really doesn't change anything.
If you don't want Apple to know which specific device you're using, well that's too bad cause they already have your credit card information on the app store. Unless of course you don't even use the app store, or the internet, or anything for that matter.

 

[gr8tfly]

Finally some useful information - thanks.

The sensor is not optical.

 

[gr8tfly]

Your prints must be stored somewhere on the iPhone. How else could it be able to compare your fingerprints to that of someone else?

A major concern of mine would be what would happen when you sold your phone. Like it or not, your prints must be stored on your phone, encrypted maybe, but there non the less.

It doesn't have an image of your fingerprint. Period. The data representing a highly detailed conductive map of the fingerprint (even features that don't show up in an image) are encrypted and stored in hardware cordoned off from the OS. The only way someone could practically reproduce your fingerprint, with this type of sensor, is if they had your finger. Also, if the phone is rebooted, or not woken from sleep within 48 hours, it reverts to the mandatory passcode before accepting TouchID.

 

[cal6n]

Excellent technical analysis showing OP's fears to be groundless.

(Note: although the site asks you to log in, there's no need if you only wish to read the article itself.)

 

[alphaod]

I was on Amazon today going through my past purchases and found they updated the SGP aluminium button covers to include the iPhone 5S...

I was wondering who would use that since it covers the fingerprint reader, but I guess I found the answer to that question!

 

[joshdammit]

I'm trying to figure out why the OP is so concerned with the Touch ID when the entire device itself can be used by the government to track you. It is a cellphone after all, and one with a battery you can't remove.

 

[Lucille Carter]

This was a fairly random statement. I can't see how this sarcastic comment even makes a point relevant to this discussion. What does whether or not the government wants to help us have to do with the finger print scanner? Even if the scanner isn't as secure as Apple claims, just how is it going to give the government access to anything they don't already have access to?

Hmmmmm. These forums can be for "random statements", yes?

Just move on.

 

[Indecisi0n]

I would have preferred them to use a DNA sample instead for unlocking.

 

[cal6n]

I would have preferred them to use a DNA sample instead for unlocking.

Apple are saving that for the eyePhone...

 

[SantaRosa2.2]

Tin Foil hat time

Worked for me , I was told it would keep the aliens from reading my brain waves but then I realized I just don't have to set up set up my brainwave scanner option and no worries.

 

[Rajani Isa]

But then I wouldn't have the latest iDevice.

How would I survive the day???

(Seriously. I want to know. I honestly think I would die.)

You won't. Worst case scenario some of the newer apps run slightly slow for you.

<- Owner of an iPhone 3G-> 4-> 5.

 

[TallManNY]

Actually, it does not store an image at all, but a data hash (which is just a long series of letters/numbers) that gets created on the fly by the fingerprint scanner and is compared against the data hash that was created when you added your fingerprint hash during setup.

The question is can someone back out that datahash into something that is an approximate of your fingerprint image. Or at least into enough data points that it can use those data points in another nefarious setting.

I'm skeptical that that would be easy. And it might require physical access to your phone. I really doubt that you could back out enough of an image that you could duplicate an image that could be planted at a crime scene, for example. You'd have to be able to convert from digital to an analog picture that could be dusted and lifted by the police. But perhaps you could duplicate enough image points that you could fool a different fingerprint scanner, for example, if down the road ATMs use fingerprint scanners. But this is just so speculative.

That said, I think a lot of folks are taking Apple's word a little too completely that the "enclave" will never get breached by an exploit. Let's say it is secure now. If just for reputation purposes, this finger print enclave probably becomes the number one black hat (and white hat) target starting this Friday. Anyone want to bet it is not breached in some way within the year? Want to take the over or under on 30 days? There might be no practical monetary reason to breach this, but in certain communities EVERYONE is going to try.

As for original poster, I think if you disable it in settings, then the default should not be to store the hash. It might read it each time, since the hardware might still be on. But you don't even really know that for sure. But without the OS getting exploited, why would it write it to the SSD instead of just to RAM temporarily? So maybe a few stores are in your RAM, but they are quickly getting rewritten. Again, you'd have to have your OS exploited by a virus or something that would be storing and sending your hash. That seems like quite an exploit.

 

[DGPMaluco]

Let the nail grow and use the nail, or flex the thumb and use the upper part of the nail (serious)

 

[PaulOBrain]

So, I'm sure I'm not the only one here who doesn't feel comfortable using the upcoming iPhone 5S's fingerprint reader. What can be done to disable it? Disabling it in the settings won't cut it as your prints will like still be stored on the phone - they just won't be used for authentication purposes.

Some screen protectors (e.g. Spigen's Glas.Tr) come with a small plastic cap that you stick on top of the home button. Would that be enough to disable the reader?



ps: if you're intending to use the fingerprint reader, please ignore this thread. I'm not interested in your personal opinion why it's a good feature.

 

[BeeGood]

To the OP,the easiest thing to do would be to cover the button with something (a sticker, paint, etc)

If that is not satisfactory, wait for someone to do a teardown video, make some notes, take your phone apart and remove the touchid sensor, or take it to an iphone repair person and have them do it.

Please note: I am not advocating anyone do any of this. Just answering the OP.