Monday, November 4, 2013

Touch ID security more elaborate than we thought?


The security of the Touch ID fingerprint sensor in the iPhone 5S has been a controversial topic, with plenty of discussion around it. New data, however, reveals that Apple may have paid more attention to securing the technology than was initially thought, by locking each Touch ID sensor to one single A7 CPU.

When the iPhone 5S was launched, one of its main features was the built-in fingerprint reader technology known as Touch ID. Using Touch ID, users could, for example, unlock the phone and approve app purchases in the App Store. However, the security of the Touch ID fingerprint sensor has been a very controversial topic. Apple claims that the fingerprint data is stored securely and locally on the phone, inside the A7 CPU, with no possibility of retrieving it remotely. However, for privacy-concerned users who have to take Apple's word for it, this is not enough. In addition, the security offered by Touch ID is itself questionable, as Touch ID is relatively easily bypassed through the use of fake fingerprints (provided that this is done within the Touch ID active period, of course).


In any case, Apple has since published elaborate descriptions of how Touch ID functions, in an attempt to convince people that it is indeed safe to store their fingerprints on their iPhone 5S devices. Now, however, new data has been published by iMore and Mendmyi, who claim that Apple has incorporated an additional layer of security into Touch ID.

It was found that each Touch ID sensor is paired strictly to one unique A7 CPU. This means that it is not possible for a user to replace the Touch ID sensor, as the replacement will not be authenticated by the A7 CPU, and vice versa. The likely reason for this is to prevent tampering with the security. For example, this pairing means that it is not possible to use a fake or modified sensor which has the fingerprint data pre-stored on it to bypass Touch ID. Similarly, it is not possible to use a similar fake or modified sensor to extract the fingerprint data from the A7 CPU.
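To show why a paired sensor cannot simply be swapped out, here is an added example (not from iMore, Mendmyi or Apple) that models pairing as an HMAC challenge-response over a secret shared by exactly one sensor and one processor. The reports do not describe Apple's actual mechanism; the shared-key scheme, the class names and the sample scan bytes are all assumptions, and the replayed-response case goes beyond what the post discusses.

```python
import hashlib
import hmac
import secrets


class Sensor:
    """Hypothetical sensor holding a pairing key provisioned at manufacture."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key

    def respond(self, challenge: bytes, scan: bytes) -> tuple[bytes, bytes]:
        # Bind the scan data to the processor's fresh challenge.
        tag = hmac.new(self._key, challenge + scan, hashlib.sha256).digest()
        return scan, tag


class Processor:
    """Hypothetical processor side: accepts data only from its paired sensor."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def accept(self, scan: bytes, tag: bytes) -> bool:
        challenge, self._pending = self._pending, None  # each challenge is single use
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge + scan, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = secrets.token_bytes(32)
    cpu = Processor(key)
    original = Sensor(key)                      # sensor the device shipped with
    replacement = Sensor(secrets.token_bytes(32))  # same part, different key
    scan = b"constructed-scan-data"             # constructed sample input
    results = {
        "paired": cpu.accept(*original.respond(cpu.new_challenge(), scan)),
        "swapped": cpu.accept(*replacement.respond(cpu.new_challenge(), scan)),
    }
    captured = original.respond(cpu.new_challenge(), scan)
    cpu.accept(*captured)                       # legitimate use of the response
    cpu.new_challenge()                         # later session, fresh challenge
    results["replayed"] = cpu.accept(*captured)  # old response no longer matches
    return results
```

In this model the replacement sensor is rejected because it cannot compute a valid tag without the original pairing key, which is the behaviour the reports describe for a swapped Touch ID sensor.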

Whatever the true reason, this added layer of security does indicate that Apple has taken security seriously this time, and it may convince some additional users to start using the Touch ID technology. For those who are truly privacy-concerned, however, this is probably still not enough to change their minds. Whatever Apple says, because of the closed-source nature of the whole iOS ecosystem, nothing really prevents the company from uploading the fingerprint contents to, for example, iCloud, or directly to Apple, if it wanted to. Considering the recent NSA events, it is worth thinking twice for anyone concerned about their privacy.

