Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: High hopes for iPhone's Touch ID

Kenneth van Wyk | Sept. 24, 2013
I am not insensitive to privacy concerns, but I think that is an overreaction, and there's a lot about this fingerprint scanner that I really like.

Much has been written already about the new iPhones and the iOS 7 operating system. Some people are underwhelmed by the OS ("Apple is just stealing ideas from Android now!") and disappointed by the iPhone 5C ("Apple still isn't making cheap phones!"). For us security geeks, though, the big news is in the iPhone 5S's fingerprint scanner. It has also drawn its share of negative reactions, with privacy folks screaming bloody murder ("Big Brother is here!"). I am not insensitive to privacy concerns, but I think that is an overreaction, and there's a lot about this fingerprint scanner that I really like.

The fact is, I've been hoping for a fingerprint-based passcode mechanism on the iPhone for a long time now, so I'm ecstatic that it's finally arrived. Not that there aren't some potential pitfalls. But let's start with the basics.

The home button of the iPhone 5S is a fingerprint sensor, called Touch ID, that reads the user's fingerprint and uses that to unlock the device. We're told that Apple will also use Touch ID for verifying iTunes purchases, but that's just scratching the surface of what's possible.

All older iPhones, and the new 5C, can be locked with a passcode, with the default being a four-digit PIN. (Those individuals and companies that are more conscious of security matters can opt for a complex passcode and go well beyond four digits.)

Now, even a four-digit passcode is better than nothing, but there is a problem with the way Apple implements the passcode system: For several iOS versions now, the user's passcode, along with a device's unique hardware identifier, is used as a base when generating certain encryption keys. These keys include the ones that Apple uses for its DataProtection API and for protecting data in the device's keychain. Someone who gains physical possession of your device could compromise it quite easily if you use no passcode or only a four-digit passcode. And if your simple passcode is compromised, the bad guy gets more than just an unlocked phone; he has access to your encrypted files. So, yeah, a security geek like me is going to be excited by Touch ID. It's a big deal that the default passcode has gone form a four-digit PIN to the user's own fingerprint.

Ah, but what about the privacy implications? An iPhone that unlocks to your fingerprint has to store your fingerprint so it can make a match, right? True enough, and I'm not privy to how Apple is implementing the technology. I want to dive into that and find out more about it, but what I know about how Apple operates in other areas tells me that it is not about to store fingerprint images on Touch ID-protected devices without applying a strong hashing algorithm. I don't think it would do that any more than it would store a passcode in plain text. So my best guess is that hashed data is used to authenticate a scanned finger as a one-way function. An attacker could not derive a fingerprint from the hashed data.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.