Touch ID: Difference between revisions
removed unsubstantiated (& suspect) claim that had no evidence |
mentioned the impact of adding 2 kinds of unlock |
||
Line 18: | Line 18: | ||
==Security and privacy== |
==Security and privacy== |
||
Touch ID can be bypassed using passcodes<ref name="wsj code entry">{{cite web|url=http://blogs.wsj.com/digits/2013/09/11/apple-new-iphone-not-storing-fingerprints-doesnt-like-sweat|title=Apple: New iPhone Not Storing Fingerprints, Doesn’t Like Sweat|publisher=[[The Wall Street Journal]]|work=Digital|date=September 11, 2013|accessdate=September 11, 2013}}</ref>, thus on account of it presenting a new different way for access to the device, it represents an overall security decrease. Despite this, Apple's claim that security is increased is actually true, because it's based on the fact that users who formerly had no passcode at all, will now use Touch ID. |
|||
Fingerprint data is stored on the secure enclave of the [[Apple A7]], [[Apple A8|A8]], or [[Apple A8X|A8X]] chip of the device itself, and is not stored on Apple servers, nor on iCloud. From the Efficient Texture Comparison patent<ref name="Efficient Texture Comparison patent">{{cite web|url=http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838|title=Efficient Texture Comparison|publisher=[[US Patent & Trademark Office]]|work=Digital|date=May 18, 2012|accessdate=November 21, 2013}}</ref> covering Apple's TouchID: "''In order overcome potential security drawbacks, Apple's invention includes a process of collapsing the full maps into a sort of checksum, hash function, or histogram. For example, each encrypted ridge map template can have some lower resolution pattern computed and associated with the ridge map. One exemplary pattern could be a histogram of, e.g., the most common angles (e.g., a 2 dimensional (2D) array of common angles). The exemplary pattern could include in each slot an average value over a respective vector of the map. The exemplary pattern could include in each slot a sum of the values over a respective vector of the map. The exemplary pattern could include the smallest or largest value within a respective vector of the map, or could be a difference between a largest and a smallest value within the respective vector of the map. Numerous other exemplary embodiments are also possible, and any other exemplary pattern calculation can be used, where the exemplary pattern includes enough associated information to narrow the candidate list, while omitting enough associated information that the unsecured pattern cannot or cannot easily be reverse engineered into a matching texture.''" |
Fingerprint data is stored on the secure enclave of the [[Apple A7]], [[Apple A8|A8]], or [[Apple A8X|A8X]] chip of the device itself, and is not stored on Apple servers, nor on iCloud. From the Efficient Texture Comparison patent<ref name="Efficient Texture Comparison patent">{{cite web|url=http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130308838%22.PGNR.&OS=DN/20130308838&RS=DN/20130308838|title=Efficient Texture Comparison|publisher=[[US Patent & Trademark Office]]|work=Digital|date=May 18, 2012|accessdate=November 21, 2013}}</ref> covering Apple's TouchID: "''In order overcome potential security drawbacks, Apple's invention includes a process of collapsing the full maps into a sort of checksum, hash function, or histogram. For example, each encrypted ridge map template can have some lower resolution pattern computed and associated with the ridge map. One exemplary pattern could be a histogram of, e.g., the most common angles (e.g., a 2 dimensional (2D) array of common angles). The exemplary pattern could include in each slot an average value over a respective vector of the map. The exemplary pattern could include in each slot a sum of the values over a respective vector of the map. The exemplary pattern could include the smallest or largest value within a respective vector of the map, or could be a difference between a largest and a smallest value within the respective vector of the map. Numerous other exemplary embodiments are also possible, and any other exemplary pattern calculation can be used, where the exemplary pattern includes enough associated information to narrow the candidate list, while omitting enough associated information that the unsecured pattern cannot or cannot easily be reverse engineered into a matching texture.''" |
||
Revision as of 08:12, 11 September 2015
Touch ID is a fingerprint recognition feature, designed and released by Apple Inc., and currently available on the iPhone 5S, the iPhone 6 and iPhone 6 Plus, the iPad Air 2, and the iPad Mini 3. Apple says Touch ID is heavily integrated into iOS devices, allowing users to unlock their device, as well as make purchases in the various Apple digital media stores (iTunes Store, the App Store, iBookstore), and to authenticate Apple Pay online or in apps. On announcing the feature, Apple made it clear that the fingerprint information is stored locally in a secure location on the Apple A7 (in iPhone 5S and iPad mini 3 (APL0698)), A8 (in iPhone 6 and iPhone 6 Plus), or A8X (in iPad Air 2) chip, rather than being stored remotely on Apple servers or in iCloud, making it very difficult for external access.
History
Only a few other smartphone makers have built fingerprint scanning into their phones, as with the Motorola Mobility Atrix 4G in 2011 and the Samsung Galaxy Alpha 4G in 2014,[1] although none of them were implemented into the operating system like Touch ID. The iPhone 5S is the first phone on a major US carrier since then to feature the technology.[2]
In 2012, Apple acquired AuthenTec, a company focused on fingerprint reading and identification management software, for $356 million.[3] Since then, people have expected a fingerprint reading feature.[1][3]
A leak on September 3, 2013, suggested that the feature would be coming to the iPhone,[4] while an alleged user guide showing the feature leaked just hours before the announcement came.[5] Wells Fargo analyst Maynard Um predicted on September 4, 2013, that a fingerprint sensor in the iPhone 5S would help mobile commerce and boost adoption in the corporate environment.[6] "As consumers increasingly rely on mobile devices to transact and store personal data, a reliable device-side authentication solution may become a necessity", Um said.[6]
Apple's Vice President of Marketing Phil Schiller announced the feature at Apple's iPhone media event on September 10, 2013,[1] spending several minutes (the last major portion of the conference) discussing the feature.
Hardware
Touch ID is built into the home button, which is built of laser-cut[7] sapphire crystal so as not to scratch (which would prevent Touch ID from working).[8] It features a stainless steel detection ring to detect the user's finger without pressing it. There is no longer a drawing of an app icon in the home button, nor is it concave.
The sensor uses capacitive touch to detect the user's fingerprint.[8] The sensor has a thickness of 170 µm, with 500 pixels per inch resolution. The user's finger can be oriented in any direction and it will still be read.[3] Apple says it can read sub-epidermal skin layers,[9] and it will be easy to set up and will improve with every use.[7]
Security and privacy
Touch ID can be bypassed using passcodes[10], thus on account of it presenting a new different way for access to the device, it represents an overall security decrease. Despite this, Apple's claim that security is increased is actually true, because it's based on the fact that users who formerly had no passcode at all, will now use Touch ID. Fingerprint data is stored on the secure enclave of the Apple A7, A8, or A8X chip of the device itself, and is not stored on Apple servers, nor on iCloud. From the Efficient Texture Comparison patent[11] covering Apple's TouchID: "In order overcome potential security drawbacks, Apple's invention includes a process of collapsing the full maps into a sort of checksum, hash function, or histogram. For example, each encrypted ridge map template can have some lower resolution pattern computed and associated with the ridge map. One exemplary pattern could be a histogram of, e.g., the most common angles (e.g., a 2 dimensional (2D) array of common angles). The exemplary pattern could include in each slot an average value over a respective vector of the map. The exemplary pattern could include in each slot a sum of the values over a respective vector of the map. The exemplary pattern could include the smallest or largest value within a respective vector of the map, or could be a difference between a largest and a smallest value within the respective vector of the map. Numerous other exemplary embodiments are also possible, and any other exemplary pattern calculation can be used, where the exemplary pattern includes enough associated information to narrow the candidate list, while omitting enough associated information that the unsecured pattern cannot or cannot easily be reverse engineered into a matching texture."
[1][9] If the user's phone has been rebooted, or has not been unlocked for 48 hours, only the user's passcode, not a fingerprint, can be used to unlock the device.[10]
In September 2013, the German Chaos Computer Club announced that it had bypassed Apple's Touch ID security. A spokesman for the group stated: "We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token."[12][13] Similar results have been achieved by using PVA Glue to take a cast of the finger.[14]
Impact
In an opinion piece New York Magazine assumed that consumers are generally not interested in fingerprint recognition, preferring to use passcodes instead. Traditionally, they said, only businesspeople such as Bloomberg employees used biometric recognition, although they believe Touch ID may help bring fingerprint recognition to the masses. The magazine said the feature will also allow application developers to experiment, should Apple open-up access to Touch ID later on.[15]
New York Magazine also noted that complementary metal oxide semiconductor (CMOS) sensors such as those found on Touch ID generally wear out and become unusable after some period of time. The magazine said that while Apple may have found a way to manufacture the sensors better, if they stop working, users may just switch back to using their passcode, making fingerprint recognition a non-starter once again. It also notes that fingerprint technology still has some issues, such as the potential to be hacked, or of the device not recognizing the fingerprint (for example when the finger has been injured).[15]
Adrian Kingsley-Hughes, writing for ZDNet, said Touch ID could be useful in bring your own device situations. He said that the biometric protection adds another layer of security, removing the ability of people to look over the shoulders of others and read their passcode/password. He added that Touch ID would prevent children from racking up thousands of dollars in unwanted purchases when using iPhones owned by adults. The author said that Touch ID was Apple's response to the large number of iPhone crimes, and that the new feature would deter would-be iPhone thieves. He notes that the feature is one of the few that distinguish the iPhone 5S from the 5C.[16] New York Magazine said the feature is intended to deter theft.[15] Brent Kennedy, a vulnerability analyst at the United States Computer Emergency Readiness Team, expressed concern that Touch ID could be hacked and suggested that people not rely on it right away.[17] Forbes noted a history of fingerprints being spoofed in the past, and noted that the fingerprints on a stolen iPhone might be used to gain unauthorized access. However, it did say that biometrics technology had improved since tests on spoofing fingerprint readers had been conducted.[17]
Galaxkey was the first company to deploy encrypted email using Touch ID and thus implement two-factor authentication on an iOS device. They noted that the fingerprints could be used to gain authorized access to email and files on Touch ID-enabled devices.[17]
ZDNet suggested the Touch ID as a form of two-factor authentication, whereby something one knows (the password) with something one has (the fingerprint).[16] Forbes said that, if two-factor authentication is available, it will be an overall improvement for security.[17]
Forbes columnist, Andy Greenberg, said the fact that fingerprint data was stored on the local device and not in a centralized database was a win for security.[18]
New York Magazine noted that those wary of surveillance agencies such as the US National Security Agency may still choose not to use Touch ID.[15]
References
- ^ a b c d Valazco, Chris (September 11, 2013). "Apple's Touch ID Is A 500ppi Fingerprint Sensor Built Into The iPhone 5S Home Button". TechCrunch. Retrieved September 11, 2013.
- ^ Newton, Casey (September 10, 2013). "Apple's new iPhone will read your fingerprint". The Verge. Retrieved September 11, 2013.
- ^ a b c Rosenblatt, Seth (September 10, 2013). "iPhone 5S comes with Touch ID fingerprint scanner". CNET. Retrieved September 11, 2013.
- ^ "iPhone 5S : Une photo du bouton Home avec lecteur d'empreintes digitales ?!". NowhereElse. September 3, 2013. Retrieved September 11, 2013.
- ^ "iPhone 5S : Le lecteur d'empreintes digitales confirmé ?!". NowhereElse. September 10, 2013. Retrieved September 11, 2013.
- ^ a b Hughes, Neil (September 4, 2013). "Fingerprint sensor in Apple's 'iPhone 5S' predicted to boost mobile commerce, enterprise adoption". AppleInsider. Retrieved September 11, 2013.
- ^ a b "Apple Announces iPhone 5S - The Most Forward-Thinking Smartphone in the World". The Wall Street Journal. September 10, 2013. Retrieved September 11, 2013.
- ^ a b "Apple announces iPhone 5S: Touch ID fingerprint security, 64-bit A7 CPU, new gold option coming Sept. 20". AppleInsider. September 10, 2013. Retrieved September 11, 2013.
- ^ a b Gilbert, Ben (September 10, 2013). "iPhone 5s fingerprint sensor called Touch ID, recognizes your thumb on the Home button: here's how it works and what it does". Engadget. Retrieved September 11, 2013.
- ^ a b "Apple: New iPhone Not Storing Fingerprints, Doesn't Like Sweat". Digital. The Wall Street Journal. September 11, 2013. Retrieved September 11, 2013.
- ^ "Efficient Texture Comparison". Digital. US Patent & Trademark Office. May 18, 2012. Retrieved November 21, 2013.
- ^ Rieger, Frank (September 21, 2013). "Chaos Computer Club breaks Apple Touch ID". Chaos Computer Club. Retrieved September 21, 2013.
- ^ Musil, Stephen (September 22, 2013). "Hackers claim to have defeated Apple's Touch ID print sensor". CNet. CBS Interactive Inc. Retrieved September 23, 2013.
- ^ Rogers, Marc (September 23, 2013). "Why I Hacked Apple's TouchID, And Still Think It Is Awesome". Lookout. Retrieved September 23, 2013.
- ^ a b c d Roose, Kevin (September 10, 2013). "Will the New iPhone's 'Touch ID' Feature Finally Make Fingerprint Scanning Happen?". New York (magazine). Retrieved September 11, 2013.
- ^ a b Kingsley-Hughes, Adrian (September 10, 2013). "iPhone 5S with Touch ID is a big win for BYOD security". ZDNet. Retrieved September 11, 2013.
- ^ a b c d Greenberg, Andy (September 10, 2013). "Apple's New iPhone 'Touch ID' Makes Fingerprint Scans Easy, But Don't Ditch Passcodes Yet". Forbes. Retrieved September 11, 2013.
- ^ Steinberg, Joseph (September 13, 2013). "Your New iPhone Can Put Your Identity At Risk". Forbes. Retrieved July 5, 2014.
External links
- Touch ID – official site