Apple's New iPhone Has A Fingerprint Sensor

Tuesday, September 10, 2013 - 02:12 PM


The iPhone 5S will ship with a fingerprint sensor embedded in the home key. 

It's designed to make securing your phone a no-brainer. No passwords necessary. A month ago, this would've sounded like a great, time-saving innovation. This week, it's hard not to hear it as the set up to an NSA joke. Apple's Tim Cook says that "[Your fingerprint is] never stored on Apple servers or backed up to the iCloud. That's great news." 

I guess so. Over at Wired, Bruce Schneier seems less worried about government snooping and more worried about the possibilities of your fingerprint information being hacked

If the system is centralized, there will be a large database of biometric information that’s vulnerable to hacking. A system by Apple will almost certainly be local — you authenticate yourself to the phone, not to any network — so there’s no requirement for a centralized fingerprint database. Apple’s move is likely to bring fingerprint readers into the mainstream. But all applications are not equal. It’s fine if your fingers unlock your phone. It’s a different matter entirely if your fingerprint is used to authenticate your iCloud account. The centralized database required for that application would create an enormous security risk.

If I'm understanding Tim Cook right, Apple's going out of their way to not have a centralized database. I don't know. Easy NSA jokes aside, I genuinely can't tell yet how much to worry about this. 


More in:

Comments [2]

Peat Bakke

There's a couple of things to think about -- first is evaluating the threat of your fingerprints being released into the wild. This isn't much of a threat: there isn't much you can do with fingerprints other than identify someone. All things considered, it's much easier (and much more destructive) to guess someone's password than spoof their fingerprints. Generally speaking, having your fingerprints publicly known is not a big deal.

Then there's the matter of authentication with Apple's services. This is the scenario where someone is able to steal the fingerprint data within the phone (say, the malicious app scenario). Yes, this is a problem -- but it's not a new problem. After all, we can apply the same attack to passwords. It's not unreasonable to assume that Apple is taking as much (if not more) care in handling the fingerprint data than how they treat passwords, credit cards, and any other sensitive information.

My suspicion is that Apple will use a one-way hashing algorithm on the fingerprint data before saving or transmitting it. This prevents the fingerprint from being recreated by an attacker who gains access to the file (preventing the reconstruction of a fingerprint from the data), and can also prevent it from being used across devices (given a signature or device specific nonce). Apple is no stranger to strong cryptography -- I'm sure they've put far more thought into this than I have.

From a policy perspective, using fingerprints *significantly* improves the overall security of the Apple technical ecosystem by doing away with passwords, and introducing a very little additional risk. In other words, I think it's a great idea.

From a technical perspective, we'll have to wait and see. The devil is in the details with these kinds of things. :)

Sep. 10 2013 10:15 PM

Plenty to worry about. Apps on the phone can get at your locally stored prints; if an app is compromised, off prints go to the bad guy who Pwned the application. Hayden described the App Store as 400,000 ways to attack your phone.

Sep. 10 2013 03:57 PM

Leave a Comment

Email addresses are required but never displayed.

Supported by

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by Meredith Haggerty. You can subscribe to the TLDR podcast here. You can follow our blog here. I tweet @manymanywords and @tldr.

Subscribe to Podcast iTunes RSS