Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC
Apple

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as "hawks", and at least in my view, it has a very negative connotation.

Thread beginning with comment 571865
Not an image. Ok...
by Flatland_Spider on Thu 12th Sep 2013 01:01 UTC
Flatland_Spider Member since:
2006-09-01

There are still questions.

Presumably this could be used to collect all of the fingerprints of people who touch the phone. iOS is built so that everyone has to touch the home button multiple times during a session. Is the sensor still active outside of areas that need authentication, and does it store a list of the incorrect fingerprints?

Then there is the anonymity aspect. How easy is the fingerprint signature to reverse? Now there is proof who the phone belongs to.

Then there is the question of how much tracking is Apple using this for. Do they have a log of when the phone has been used and by whom?

Reply Score: 3

RE: Not an image. Ok...
by galvanash on Thu 12th Sep 2013 01:55 in reply to "Not an image. Ok..."
galvanash Member since:
2006-01-25

There are still questions.

Presumably this could be used to collect all of the fingerprints of people who touch the phone.


But they don't actually store fingerprints... So worst case scenario they are storing a hash of your fingerprint - which (if they do it right) cannot be used to determine the actual fingerprint that was used to compute the hash.

iOS is built so that everyone has to touch the home button multiple times during a session. Is the sensor still active outside of areas that need authentication, and does it store a list of the incorrect fingerprints?


I don't see any reason why they would store incorrect fingerprints - it just doesn't make any sense at all to do that (on a technical or functionality level).

Then there is the anonymity aspect. How easy is the fingerprint signature to reverse? Now there is proof who the phone belongs to.


Again, it should be mathematically impossible, and if it isn't the lawsuits will start flying like bullets in a drive by...

Then there is the question of how much tracking is Apple using this for. Do they have a log of when the phone has been used and by whom?


That is an interesting one, because if they are trying to go after the enterprise market this would actually be a very valuable feature - HIPAA laws practically require it. That said, it is probably an undesirable feature in the consumer market (obviously). If they are smart there would be some way to turn such logging off and on using provisioning profiles - but I don't know if they do anything like this or not currently.

Reply Parent Score: 2

RE[2]: Not an image. Ok...
by tylerdurden on Thu 12th Sep 2013 03:07 in reply to "RE: Not an image. Ok..."
tylerdurden Member since:
2009-03-17

So worst case scenario they are storing a hash of your fingerprint - which (if they do it right) cannot be used to determine the actual fingerprint that was used to compute the hash.


What you define as "doing it right" is actually "doing it absolutely wrong": if the system can't be used to determine the actual correct fingerprint (the owner's) then it is useless.


Then there is the anonymity aspect. How easy is the fingerprint signature to reverse? Now there is proof who the phone belongs to.


Again, it should be mathematically impossible, and if it isn't the lawsuits will start flying like bullets in a drive by...



I think both of you may be missing the point. If a 3rd party manages to get a hold of the fingerprint signature, they already have all the information they need about said fingerprint. There is no point in "reverse engineering."

The point of a database of fingerprints is not to reverse engineer the print, but rather to match the signature of an unknown fingerprint, probably gathered in the field, against a database of "known" signatures. If there is a positive, then you can easily figure out who that "unknown" signature belongs to, because the positive signature is associated with a specific phone/device and the owner of such is known.

Edited 2013-09-12 03:14 UTC

Reply Parent Score: 5

RE[2]: Not an image. Ok...
by Flatland_Spider on Thu 12th Sep 2013 19:09 in reply to "RE: Not an image. Ok..."
Flatland_Spider Member since:
2006-09-01

But they don't actually store fingerprints... So worst case scenario they are storing a hash of your fingerprint - which (if they do it right) cannot be used to determine the actual fingerprint that was used to compute the hash.


Presumably they're using a hash, but the article didn't state how they are storing the fingerprint data. It said they aren't storing an "image", so I erred on the side of ambiguity and used fingerprint to reference whatever data is generated and stored.

Of course, it can't be used to get the actual fingerprint. Fingerprint scanners work by creating graphs of features on the finger.

The point is Apple hasn't released any information on how this works, so it's an unknown black box.

Then there is the anonymity aspect. How easy is the fingerprint signature to reverse? Now there is proof who the phone belongs to.


Again, it should be mathematically impossible, and if it isn't the lawsuits will start flying like bullets in a drive by...


Reverse was the wrong word. I should have used replicate since I was contemplating how hard it would be for some law enforcement agency to tie people to a specific phone.

I don't see any reason why they would store incorrect fingerprints - it just doesn't make any sense at all to do that (on a technical or functionality level).


Evidence that people tried to access the phone without permission.

If the phone is stolen, the thieves would provide evidence that they were in possession of the phone. If the phone is a company phone, people who are trying to circumvent security policies would be logged.

You kind of agree with this at the end of your post. The negatives are just as important as the positives.

Reply Parent Score: 3

RE[2]: Not an image. Ok...
by Lennie on Fri 13th Sep 2013 09:36 in reply to "RE: Not an image. Ok..."
Lennie Member since:
2007-09-22

I really doubt it isn't a hash. Fingerprint reading isn't exact. Every read does not give you the same numbers. Not even ones.

So they store the characteristics of your finger print, something like coordinates of where features like mountains and valleys are.

Let's say you have a list of these features, that won't allow you to create an image of what your fingerprint looks like.

But it however would be enough to make a new fake fingerprint, though. So it doesn't matter.

Reply Parent Score: 2
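
The hash-versus-feature-list question raised in this thread, as an added example (not part of any comment above and not Apple's implementation): two noisy reads of the same finger produce different SHA-256 digests, while a tolerance-based comparison of stored feature points still matches. The minutiae values, the tolerances and the 0.8 threshold are constructed assumptions for illustration.

```python
import hashlib
import math

# Constructed sample data: (x, y, ridge angle in degrees) for a few feature points.
ENROLLED = [(12, 40, 90), (33, 18, 45), (50, 62, 130), (71, 25, 10), (64, 80, 170)]
# Same finger read again: every value shifts slightly (sensor noise, pressure).
SECOND_READ = [(13, 41, 92), (32, 18, 44), (51, 60, 128), (70, 26, 12), (65, 79, 171)]
# A different finger (constructed).
OTHER_FINGER = [(5, 70, 20), (40, 44, 100), (22, 9, 160), (80, 55, 75), (58, 30, 60)]


def exact_hash(template):
    """SHA-256 over the serialized template: one changed digit changes the digest."""
    data = ";".join(f"{x},{y},{a}" for x, y, a in template).encode()
    return hashlib.sha256(data).hexdigest()


def angle_diff(a, b):
    """Smallest difference between two angles, in degrees."""
    d = abs(a - b) % 360
    return min(d, 360 - d)


def match_score(enrolled, probe, dist_tol=4.0, angle_tol=10):
    """Fraction of enrolled points with an unused probe point within tolerance."""
    unused = list(probe)
    hits = 0
    for ex, ey, ea in enrolled:
        for cand in unused:
            px, py, pa = cand
            close = math.hypot(ex - px, ey - py) <= dist_tol
            if close and angle_diff(ea, pa) <= angle_tol:
                unused.remove(cand)  # each probe point may be used only once
                hits += 1
                break
    return hits / len(enrolled)


def accepts(enrolled, probe, threshold=0.8):
    """Accept the probe when enough enrolled points were matched."""
    return match_score(enrolled, probe) >= threshold


if __name__ == "__main__":
    print("hashes equal:", exact_hash(ENROLLED) == exact_hash(SECOND_READ))
    print("same finger accepted:", accepts(ENROLLED, SECOND_READ))
    print("other finger accepted:", accepts(ENROLLED, OTHER_FINGER))
```

Because the matcher has to read the stored feature list in comparable form, such a template is protected by encrypting it and restricting access to it, not by one-way hashing as a password would be.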