Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as "hawks", and at least in my view, it has a very negative connotation.

RE[9]: wait
by jared_wilkes on Thu 12th Sep 2013 20:08 UTC in reply to "RE[8]: wait"

Maybe you should rejoin reality. No one agrees with you. Everyone seems to unambiguously accept that Apple is being truthful in saying that the only place your fingerprint/authentication data will reside is locally on an iOS device equipped with Touch ID on a secure coprocessor of the SOC and that they will not transmit that data off of the device.

You can continue to claim that's not verified and that Apple may be lying, but you just sound like a nutjob.

Score: 2

RE[10]: wait
by Alfman on Thu 12th Sep 2013 20:58 in reply to "RE[9]: wait"

Just calm down... there's good reason to take security claims with a grain of salt. All companies are known to stretch the truth when it suits them.

We really don't know if the iPhone finger reader will be capable of storing fingerprints directly; the sensor can probably do it even if Apple doesn't store it. The thing is this opens up devices to *targeted* attacks where hackers remotely enable such capabilities even if they aren't enabled out of the box.

Mind you, I'm not asserting such, but it's completely plausible (if not probable) that the spokesperson is totally clueless and is just echoing what he's been allowed to tell. Being a spokesperson, even one from Apple, shouldn't put claims above scrutiny.

Score: 3

RE[11]: wait
by jared_wilkes on Fri 13th Sep 2013 00:56 in reply to "RE[10]: wait"

Yeah, RTFM. There are ample materials — albeit marketing materials — that state that the fingerprint authentication solely resides on the dedicated coprocessor and it is not uploaded. This general sentiment is spoken by their Senior Hardware Executives. This is simple truth.

I'm not suggesting that this won't be a target of attacks... or that it will never be cracked... or that governments don't already have it cracked... or that there aren't drawbacks... or that we don't know how well it works in the real world... or if there will ever be a specification that gives us greater understanding. I'm not being a gullible noob accepting whatever the marketers want me to accept. However, I am taking it as truthful that there is a dedicated coprocessor on the SOC that keeps the fingerprint authentication relatively secure and Apple never needs to transmit that data anywhere else off of the device. I am only stating this simple fact. I do not think it's in dispute.


Edited 2013-09-13 00:58 UTC

Score: 2

RE[10]: wait
by tylerdurden on Fri 13th Sep 2013 19:50 in reply to "RE[9]: wait"

Blah, blah, blah, so basically what you're trying to let us know is that you haven't read the fucking manual you were telling others to read either.

Not surprising given how it hasn't been publicly released yet.

BTW, arguments to popularity, besides being sad and childish, are fallacies. You could try making logic arguments, so you can save the time and effort of having to go through all those alt accounts. Just trying to help you out.

Score: 2

RE[11]: wait
by jared_wilkes on Fri 13th Sep 2013 20:59 in reply to "RE[10]: wait"

Umm, you are an idiot. RTFM does not mean: hey there is a fully detailed, technical specification and manual that you would enjoy reading. It means: your comments and/or questions are stupid because you clearly haven't done any reading whatsoever.

When someone posts "RTFM", it doesn't literally translate to: hey, I should search the web for a manual... It means: what you said was stupid, look at what you said, develop a theory for why it may be stupid, then go back and actually read the story, READ the story, and you will see why you are being mocked for not having READ before posting.

Score: 2