Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC
Apple

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as 'hawks", and at least in my view, it has a very negative connotation.

Permalink for comment 571971
To read all comments associated with this story, please click here.
RE[11]: wait
by jared_wilkes on Fri 13th Sep 2013 00:56 UTC in reply to "RE[10]: wait"
jared_wilkes
Member since:
2011-04-25

Yeah, RTFM. There is ample materials — albeit marketing materials — that state that the fingerprint authentication solely resides on the dedicated coprocessor and it is not uploaded. This general sentiment is spoken by their Senior Hardware Executives. This is simple truth.

I'm not suggesting that this won't be a target of attacks... or that it will never be cracked... or that governments don't already have it cracked... or that there aren't drawbacks... or that we don't know how well it works in the real world... or if their will ever be a specification that gives us greater understanding. I'm not being a gullible noob accepting whatever the marketers want me to accept. However, I am taking it as truthful that there is a dedicated coprocessor on the SOC that keeps the fingerprint authentication relatively secure and Apple never needs to transmit that data anywhere else off of the device. I am only stating this simple fact. I do not think it's in dispute.

RTFM.

Edited 2013-09-13 00:58 UTC

Reply Parent Score: 2