Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC
Apple

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as 'hawks", and at least in my view, it has a very negative connotation.

Thread beginning with comment 571853
To read all comments associated with this story, please click here.
wait
by arb1 on Wed 11th Sep 2013 22:52 UTC
arb1
Member since:
2011-08-19

So if it don't store it on the device then where? If its stored on Apple's then could could mean some type of back-dooring is possible since they could just tell phone its right finger print even when its not.

Reply Score: 1

RE: wait
by jared_wilkes on Wed 11th Sep 2013 23:26 in reply to "wait"
jared_wilkes Member since:
2011-04-25

RFTM

Reply Parent Score: 4

RE[2]: wait
by tylerdurden on Thu 12th Sep 2013 03:16 in reply to "RE: wait"
tylerdurden Member since:
2009-03-17

So where's the manual describing in detail the finger print subsystem, and where is the actual code so people can review it?

Reply Parent Score: 3

RE: wait
by flypig on Wed 11th Sep 2013 23:28 in reply to "wait"
flypig Member since:
2005-07-13

They do store some data on the device (at least according to the article), it's just not an actual image of your fingerprint. This probably isn't unusual for fingerprint readers: I believe only certain features are needed to repeat an identification.

Unfortunately the conclusion that "this means that even if someone cracked an iPhone’s encrypted chip, they likely wouldn’t be able to reverse engineer someone’s fingerprint" doesn't necessarily follow. It seems like a strange claim to make anyway. What exactly is it that they think the "privacy hawks" are worried about?

Reply Parent Score: 3

RE: wait
by Drumhellar on Thu 12th Sep 2013 00:51 in reply to "wait"
Drumhellar Member since:
2005-07-12

Presumably, it works like this:

Since fingerprints aren't compared in their entirety normally, since there's too much variability in quality of data to match exactly, certain types of features are located, usually whirls and loops, and their location is calculated relative to the the other features in a standardized way.

This data is used to generate a one-way hash, and that hash itself is compared to an original hash. The fingerprint is never stored permanently, and ideally is erased from memory the moment the hash is generated.

In the original announcement, Apple explicitly stated that it isn't stored in the cloud, and I'm inclined to believe them, since it would be quite trivial to discover that it isn't true.

Reply Parent Score: 6

RE[2]: wait
by Lennie on Fri 13th Sep 2013 09:23 in reply to "RE: wait"
Lennie Member since:
2007-09-22

I don't think they use a hash.

Because I think finger print readers use 'probability', it's not exact.

So what they store (encrypted) is about-here-is-a-whatever and about-there-is-a-something and if these mostly match the device will 'recognize' your fingerprint.

Reply Parent Score: 2

RE: wait
by Soulbender on Thu 12th Sep 2013 05:51 in reply to "wait"
Soulbender Member since:
2005-08-18

I"m going to guess that what they use is some kind of biometric equivalent to one-way hashes.
It would however be nice if this was documented the same way industry standard hashes are, especially since these hashes can't be changed and they uniquely identify you.

Edited 2013-09-12 05:59 UTC

Reply Parent Score: 4