Touch ID hardware

Apple left a few important questions unanswered regarding its all-new fingerprint sensor implemented on the iPhone 5s, called Touch ID. The useful feature stems from Apple’s 2012 purchase of Israeli-based biometric security experts AuthenTec. In a nutshell, Apple strives to easily and securely authenticate users into their device and approve purchases from the iTunes Store, App Store or iBookstore – simply by scanning their finger on the Home button.

What happens next is anyone’s guess. Neither Apple’s website nor available promotional material reveals much in way of detail. Perhaps sensing a privacy scare in the making, Apple dispatched its spokesperson to dispel any notion that the new iPhone might expose users to security risks…

Rather than store actual fingerprint images, the iPhone 5s keeps your fingerprint data in an encrypted form, a company spokesperson told The Wall Street Journal:

Apple’s new iPhone 5S, which comes with a fingerprint scanner, won’t store actual images of users’ fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple’s new Touch ID system only stores “fingerprint data,” which remains encrypted within the iPhone’s processor, a company representative said Wednesday.

This stored digital profile of your fingerprint (fingerprint data) is then matched against the sensor to authenticate the user. Assuming someone does crack the chip – which should be next to impossible – they “likely” wouldn’t be able to reverse-engineer someone’s fingerprint, the Journal speculates.

Touch ID in action

Apple imposes a 48-hour wipe procedure:

In an interview Wednesday, an Apple spokesman pointed to other security features the company has added to the phone. Apple customers who wish the use Touch ID also have to create a passcode as a backup.

Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn’t been unlocked for 48 hours.

This is by design, so hackers can’t “stall for time” as they try to find a way to circumvent the fingerprint scanner. There is a toggle in Settings to enable or disable Touch ID, but we haven’t known that a passcode as a backup measure is mandatory.

Another tidbit: even though Touch ID represents an improvement from the temperamental fingerprint scanners that often appear on consumer laptops, Apple said it may not work reliably with sweaty fingers.

Apple A7 chip (Secure Enclave 001)

But don’t worry, the mandatory passcode is a nice fallback should the sensor fail to read your finger.

It also has trouble reading some fingers, the spokesman said, possibly including ones scarred by accidents or surgery.

In those cases, Apple found users were able to “use another digit successfully with the scanner”.

We also know from what Apple’s executives told us during yesterday’s iPhone 5s/5c keynote that fingerprint data (again, your fingerprint profile rather than fingerprint images) is stored on a secure module on the new A7 chip.

Only the Touch ID chip inside the Home button is allowed to access this module.

Touch ID success

Apple is also wary of sucking fingerprint data up into the cloud.

“It’s never stored on Apple servers or backed up to iCloud,” Apple’s press release reads.

“All fingerprint information is encrypted and stored securely in the Secure Enclave inside the A7 chip on the iPhone 5s,” the company underscores. The Secure Enclave is represented by a small white rectangle on the A7 graphics above.

Apple’s SVP of Hardware Engineering, Dan Riccio, explains in the Touch ID promotional video that “the sensor uses advanced capacitive touch to take, in essence, a high-resolution image of your fingerprint”.

I find it reassuring that Apple prohibit apps from using the Touch ID scanner or accessing your fingerprint profile, as per the Journal report. As we heard earlier today, Apple may have stopped syncing saved web passwords across devices via iCloud. This is possibly another precaution as Apple is thought to enhance Touch ID in the future by adding ability to authenticate the user on web sites, in apps and more.

  • Question

    Lies! i still dont trust that fingerprint option

    • No way man!

      me too im now even more terrified after reading this haha

      • Andy

        It’s optional anyway, don’t use it if you don’t trust it.

      • Rickm_jr

        That doesn’t mean it won’t be active 😉

      • @dongiuj

        It’s a selling point of the phone.
        You obviously don’t work for apple. Or maybe you do. “Genius” staff perhaps?

    • unabatedshagie

      Oh look, you dropped your tinfoil hat.

      • Ballziton Shnaps

        you hit the spot

    • richrich

      Everytime a non-US citizen enters the US, they are required to scan their fingerprints as well. That technology is nothing new.

      I am way more frightened of that, than this silly TouchID, to be perfectly honest.

      • Barnez Hilton

        Umm no that’s not true. I am Canadian and cross to the States all the time, never EVER have I had to give them my fingerprints.

        You must be a terrorist

      • richrich

        Alright, most of non-US citizens then.

  • Adithya Sairam

    I love Touch ID!

    • BeatModz

      ok you zombie !!

      • Danuel Carr

        Just because he likes something that you don’t he’s a zombie?

      • bob

        I like pizza so that means I’m a zombie. lol

      • Alex Rodriguez

        I like hiking I must be a zombie too

      • bob

        We’re all zombies! IT’S THE ZOMBIE APOCALYPSE!

      • Ballziton Shnaps

        I like zombies so I must be a zombie?

      • Joseph liong

        I like everything,so you can call me a super zombie..!!

      • Carlos Franklin

        I like the iphone 5s, so you can call me iZombie…lol

  • Psychic

    In ten years we’ll discover that Apple was secretly sending all fingerprints to the NSA along with location infomation, names and addresses among other things.

    • Jonathan

      Time to change my name and move to another country. Yay.

      • H5ire

        You Better Call Saul..!! 😉

      • Carlos Gomes

        It’s s’all good, man!

      • Ibro bawa

        I see what you did there…

      • Carlos Franklin

        simply hilarious!!!!

    • illK†Δ

      Your phone already shares all of that information. The government already has your fingerprints if you have a license 🙂

      • Barnez Hilton

        WHAT!
        you guys better state what country you are from when you post stupid things like to get a driver’s license you have to give your fingerprints.

    • Maxim∑

      yes because NSA will need your fingerprint again, just to make sure your fingerprint hasn’t changed the last time they took it which is when you were born

      ‘”all fingerprint information is encrypted, and stored inside the secure enclave” on the phone’s A7 processor. As the company clarified to the Journal, fingerprint “data” is stored — not an image of the fingerprint itself.”

      • Jonathan

        lets say someone in a hotel is killed. You stayed in that hotel room the night before, so your fingerprints are around the place because when the cleaners came in they didn’t clean *that* thoroughly.

        So now your fingerprints are in the same room as a dead body, the police come along and find them. You don’t have a criminal record or anything, so you’re not on any traditional database. However because your fingerprint is linked to your phone and the fingerprint data has been uploaded silently to a database accessible by the police, the police can get the exact location of you by looking up the phone connected to your fingerprint and activating the GPS.

        Also maybe they listen in on the phone calls you make as they get to you, and you are saying something perfectly innocent but in the context of a killer saying it (and the police are thinking your the killer) it means something else more sinister.

        Having a fingerprint reader in a phone offers a much stronger and direct link between a real person and their phone. I’m all for the fingerprint reader, because I cba to have a passcode, but I want to know exactly how it works and who has access to what data. I find it a little worrying that Apple say “not uploaded to Apple servers or iCloud” when it would be easier to say “not uploaded to any server”

      • Scott

        And guess what, that might prove you didn’t do it since your phone would be sending and receiving data from cell towers that night. If your cell isn’t in the area but is actively being used is helps cooberate your alibi for that night. No longer a suspect or prime suspect.

      • Franck Kamayou

        Minority Report.

      • Barnez Hilton

        the fact that you checked out the night before, and returned the key, and didn’t check in again the day of the murder wouldn’t clear your name. Come on Matlock!

      • EdMar305

        all that sounds like an extreme yet possible situation but at the end of the day you’re not the killer. however lets say you were the killer and its because of the fingerprint sensor that you got caught, well then the system works. if you’re innocent then you should be able to back yourself up beyond a reasonable doubt that it couldn’t possibly have be you. will there be some drama and some explaining to do? yes, but someone was just murdered and i think that warrants an explanation even if you had nothing to do with it. i think that before you come up with some far fetched scenario you should consider using a little logic and reason. real life is little different then CSI. just saying

    • Chris Holden

      who cares? lol

      • Kurt

        Learn about Venezuela under Chavez. You will never say such a stupid comment again.

      • Carlos Gomes

        Let’s google “Venezuela under Chavez”, then.
        Now seriously, care to talk a bit more about it?

      • You don’t just google it, you’ll have to click a search result relating to it….here’s (http://on wsj com/1811TPw) one for you to reflect on.

      • bob

        ??

      • In other words….

      • Record your next sex act and post it online (but really I don’t want to see it). You have nothing to hide.

    • NSA Whistleblower

      iPhone 6 will have 3D FaceTime but is really an afront for biometric eye scanners and the Touch ID will send DNA composition charts to the NSA. of course you won’t find out about this until iPhone XVi (yes they will have moved to roman numerals by then and the “i” is intensional)

    • Jonathan

      Well they won’t have lied if they do that. because they quite specifically say not to “Apple server or iCloud”, no mention of other servers that say belong to the NSA.

    • bob

      My prediction is that in 3 years the nsa will pressure apple to give out fingerprints.

      • Barnez Hilton

        what pressure?, they already have decrypted most internet encryption. they just need to intercept now

      • Guest

        kind of true . but pgp still works!

      • Unless of course they’ve tapped into the keyboard/video/audio driver on your computer and don’t need to decrypt anything.

    • bob

      someone could just print out a fingerprint on paper and put it on the iphone. added security: buy your iphone with cash, not visa.

    • Umut Bilgiç

      Dude, come on. Really? It is completely idiotic to think that such thing would occur. It is not “that” hard, for an iOS hacker to get into the system, look at the kernel for the code, that allows access to encrypted fingerprint binary. The outcomes would be disastrous for applr if such thing occured, like it happened with theother NSA case. I mean, still, it is encrypted, with a key that only the fingerprint scanner has access to, and it is not an image. Only if, Apple shared the encryption key with NSA, for the every god damn iPhone 5s shipped and seemlesly exported the encryepted binary to the NSA, yeah that would be huge, and I would be surpised. I dont really think Apple would go for such thing, taking the possiblitiy that it could be found out, again, that secret data that should have been kept secret is being shared with others.

  • Jae

    This is great news. Now I have to worry about my fingers being cut off when they steal my phone.

    • Alexander Reimann

      Nah that’s too messy, it’s easier to torture you for the backup digit code

  • Avery Massenburg

    So if the phone is rebooted we’ll have to set up Touch ID again? Or do we just need to enter the passcode and it will automatically set itself up?

    • Lance Baker

      I would imagine the first time after a reboot will require the passcode any time after that your Touch ID will work.

  • smtp25

    I don’t even live in the US and they already have my finger prints because they take them when you go through US customs

  • Slammamon

    Ok, what I think people aren’t really considering, is that fingerprint scanners have been on laptops for years now, but no one has made a fuss about ‘security’ on those so why is Apple something to suddenly cause a fuss about? They’ve told us that their system is secure, probably more secure than any laptop I’ve heard about. Fingerprint scanners aren’t new technology people!

    • chumawumba

      There’s a difference between doing it first, and doing it right.

      • Joseph

        Why does it matter? A fingerprint scanner is a fingerprint scanner regardless, and it’s a step for security. I’d you’re that is rates by the time it takes on older devices, then don’t use it!

        You’re also comparing 10 year old technology to technology that’s very recent. Your comparison is pretty bad.

    • bob

      yeah lol this technology is like 10 years old

    • Franck Kamayou

      It’s because the iPhone is potentially going to be used by millions of people, a lot of people will have it set up because it’s so convenient. Your thumb touches the home button all the time. And, Apple often has the user’s information, plus potentially the user’s exact location. On the other hand, the previous devices with fingerprint sensors were crappy sensors, very few users had the devices, very very few bothered to set it up because it was a pain to use, and those devices didn’t store user information and location.

      • Slammamon

        And millions of people don’t have laptops with fingerprint scanners? My work place (a crappy IGA grocery store) had a fingerprint shift system.

        Apple have our name, our address, our emails, our phone numbers, and our exact location providing we have our phones on us. They also have access to our emails and messages. I think our fingerprints are the least of our worries, unless you’re a stupid criminal who leaves your fingerprints everywhere. So many paranoid people losing their shit over nothing new.

        If you really think they care about you so much that your fingerprint is valuable to them, or anyone, then you’re dead wrong.

      • Franck Kamayou

        Yes millions of people don’t have laptops with fingerprint scanners, at least not the same kind of millions we are talking about… and at least the don’t use it. And no, usually a windows machine doesn’t have the same informations like Apple does….

        I am not worry about the finger print scanner, because I too think that there is nothing to be scared for, but I can understand the buzz around it with iPhone.

        And seriously it’s also because Apple does it that people care.

    • Because they naysayers will hate anything Apple even if those same naysayers are already using the technology on some other device. Of course the same naysayers will say the facial recognition on their chosen non-Apple device is awesome. Never mind that the government already has their photo for drivers license, passports, etc. or their employer or school or every traffic and street camera.

  • Tony Trenkle Jr.

    So that ICloud keychain was bogus then? Why waste time showing us if that’s not gonna be in iOS 7?!

    • chumawumba

      It is possible they are holding off on releasing it now, maybe in the near future.

      • Tony Trenkle Jr.

        Well that would suck…

  • Matthew Cooper

    Us as hackers and jailbreakers know that everything can and will be cracked. Worse thing they did was basically say it couldnt be done.

    • Rowan09

      Yes but are you leaving your stolen iPhone with someone to steal your info? With the scanner and IOS 7 it makes it more secure and most people finding iPhones are not hackers.

      • Rickm_jr

        Lol script kitties

  • Matt

    Perfect time to snatch up an iPhone 5 on Verizon Edge plan. Just checked and monthly is cheaper. 🙂

  • s0me

    Ohh noess not another US spyware, in other countrys, you dont have to give your fingerprints for sh*t… so they gonna spy on everyone else with the ultimate “spy tool”. n1

  • bob

    I don’t trust this I don’t want companies, hackers or the government getting my fingerprint.

    • Rickm_jr

      Shut up and go build something

      • bob

        stop trolling

    • Barnez Hilton

      then don’t touch anything

  • Steven Honey

    they already have mine…and everyone else that has been in the military

    • Danuel Carr

      Or gotten a driver’s license. Or gone through customs. And thank you for your service, sir.

      • Rickm_jr

        Or born on US soil. Hospitals y’know

  • Sean Cua

    People are so paranoid nowadays.

    • Derpjz

      I take it you don’t watch/read the news much?

      • Sean Cua

        I don’t live in the USA.

      • Derpjz

        Yup you definitely don’t watch the news.

  • J M

    Sounds like it could turn out to be a bit “gimmicky” in it’s functionality…

  • Brian

    Fingerprint + Israel ??!! Adios Apple.

  • Micaiah Martin

    There is no such thing as “safe personal information” in the Unite States anymore.

    • Kurt

      Thats the new Freedom we are selling to the world

  • Matt

    Apparently people have something to hide. Personally, I don’t care who is looking at what I do on my iPhone, I have nothing to hide. Now if the NSA were taking my credit card numbers and buying tons of Apple products we’d have an issue…

    • Bob

      So you’d be okay with a thief having access to all your contact information, emails, pictures, videos, notes and so on?

      • Matt

        Well if the thief didn’t do anything with any of my things then sure. I have nothing to hide. The NSA can look at everything I do, why would I care?

      • Bob

        You’re not the brightest bulb in the box are you.

      • Matt

        Actually I am pretty smart to be honest. It just seems like you are having a ridiculously difficult time comprehending what I’m saying. The NSA can look at everything they want to of mine. The NSA doesn’t steal physical things from me, so what does it matter. It’s like having a public Facebook profile. People can look at it all they want but they can’t change my profile picture. So the NSA can look at all my stuff, but I’d have an issue if they started physically tampering and altering the function of my products.

      • Bob

        Self declarations of intelligence are usually a sign of idiocy. Just saying.

      • Matt

        I love how you change the entire subject to simply evade the point. You sir, are a joke. Good day.

  • mav3rick

    Let’s trust them…

  • john smith

    reading article. reading comments. googled where is Samsung Note 3 pre-order site.

  • Joseph A. Ahmad

    I honestly don’t care if the government knows what I’m doing. I’m just living my life, doing nothing illegal, and just chillin. It may not be the most exciting life but whatever!

    • Shadowlink

      That is not the point.
      people are so clueless.

      • Joseph A. Ahmad

        Oh I know they are. A good amount of people will probably incriminate themselves. But you have to admit, it’s a cool piece of technology.

  • maverickmax

    there is always a way…

  • @dongiuj

    Sweaty fingures? This will most probably be a huge failure in asia during the summer then. The summers are intensely hot and massively humid.

  • Tom

    I’m from Israel!!! YAY! maybe this will lead for an Apple store here 🙂

    • omrishtam

      -_-

  • TuNuT

    I just assume I don’t enable the ActivationLock, just enable the passcode & Touch ID. Someone steals it, put it in DFU mode and restore, will it be bypassed then?

    • rasengan720 .

      Most likely I think.. But it’s safer to enable activation lock then

  • cd

    NSA will just hack any finger print they want, they are a bunch of bastards remember

  • rasengan720 .

    It’d be awesome if once jail broken the home button could get extra functionality.. Like say zephyr like functionality for eg.. 🙂

  • Mike M. Powell

    *Steals ip5s*
    -access denied-
    ….shit cant’t get in w/o fingerprint….
    *goes back n chops off victims thumbs*
    -access approved-
    Hahaha gf apple >:D’

    • Dani Hayes

      I like your style.

  • Arjay Dioquino Antonio

    I still think a fingerprint is harder to copy/obtain than a normal appstore password

  • Patrick

    NSA can go to hell, however i might use the scanner because im too lazy to put the password in each time, and if people do find out that info has been sent to the US gov then some people will get really really pis*ed off

  • Shady Gnaiem

    what if the home button is broken and they didn’t add a normal password as a ‘ backup ‘ ?

    • Anthony Petell

      you HAVE to add a passcode as a back up. Setting up TouchID prompts you to set one before you enroll fingerprints.

  • Hani Akil

    Who cares if my fingerprint is taken what will they do bomb me or use my fingerprint to open my 5 billion dollar safe?

  • Think

    Authentec?
    Israeli?
    Only an idiot would write that, and show a picture of a 13 year old marketing demo, not even a production prototype.
    The Japanese have been using Authentec sensors successfully in their domestic phones for nearly 10 years, with better apps and convenience than Apple now shows.
    I’m sure Apple will catch up quickly.

  • Garrett Hausman

    “This stored digital profile of your fingerprint (fingerprint data) is then matched against the sensor to authenticate the user. Assuming someone does crack the chip – which SHOULD be NEXT TO impossible – they “LIKELY” wouldn’t be able to reverse-engineer someone’s fingerprint, the Journal SPECULATES.”

    The above paragraph is written above the second image down in the article. The four highlighted words truly she’s light on the fact that they are ASSUMING someone can’t hack into your phone and get your fingerprint. And the journal SPECULATES it would be NEXT TO impossible.

    In my opinion those words creat four gaping holes of doubt, and they don’t seem to be too sure of themselves. Those words look like they are designed to create comfort while saving their own asses in the event they are wrong