Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC
Apple

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as "hawks", and at least in my view, it has a very negative connotation.

RE[3]: wait
by jared_wilkes on Thu 12th Sep 2013 04:22 UTC in reply to "RE[2]: wait"
Member since: 2011-04-25

Further, I presume the parent mistook "images of your fingerprints" (a pretty ludicrous concern and lack of understanding in the first place, a good showing of how poor technology reporting is at informing the general public) for "the information necessary, likely one-way hashed and encrypted, (we don't really learn anything from this article on the implementation beyond what was in the keynote and a general understanding of the state-of-the-art) that authenticates your fingerprint with your ID".... so he thought your unique Touch ID is not stored locally... which would likely be less secure. But it is. And it's only stored locally. Do I think that's been reasonably well reported and trustable as the truth? Yes I do. RTFM.

Do I trust that it can't be hacked? No way. Do I think it's perfect? No, but it doesn't sound worse than an 18-digit passphrase with at least one case variation, a number, and a special character. I want to know more. But this does sound better than most current forms of authenticating when considering all factors.

Edited 2013-09-12 04:27 UTC

Score: 4