Thoughts on Apple’s Touch ID Fingerprint Reader

Publish date:

I’ve been using my new Apple iPhone 5S for long enough now to form an opinion about Touch ID, it’s built-in fingerprint reader. As a security person, I feel the need to set an example when securing my personal data.  For that reason, I set a complex (6-digit)  PIM on my iPhone.  That’s great, but […]

I’ve been using my new Apple iPhone 5S for long enough now to form an opinion about Touch ID, it’s built-in fingerprint reader.

As a security person, I feel the need to set an example when securing my personal data.  For that reason, I set a complex (6-digit)  PIM on my iPhone.  That’s great, but I have to re-enter it every time I pick up my phone (about once every 5 minutes, throughout my working life!).  That’s a big nuisance, and it’s probably why roughly 50% of iPhone users pre-5S didn’t set a PIN.  But with the fingerprint reader, I can unlock my iPhone quickly and easily.  Now, about 80% of iPhone 5S users set a PIN and register themselves to use the fingerprint reader.  That’s a significant security improvement.

How secure is Touch ID?  In theory, it can be broken: if you have a fingerprint image for the correct finger, you can create a fingerprint overlay for someone else to use.  That’s not trivial to do however (see this link to understand just how difficult it is).  To succeed, you’d need to execute a targeted, carefully-planned military-style operation.  Touch ID may not be good enough for nuclear launch codes, but is good enough for my photographs of cats.

Touch ID doesn’t store fingerprint images in the cloud; it stores them in a special location on the iPhone’s A7 chip, called a secure enclave.  It doesn’t store the image in an externally usable form, it stores a mathematical representation, derived from it, from which it shouldn’t be possible to reconstruct the original image.  Apple claim that even they have no access to this.

Related Posts

Cybersecurity

Empowering our employees to become cyber savvy in the new normal

Date icon October 14, 2021

Celebrating Cybersecurity Awareness Month at Capgemini

Cybersecurity

Capgemini Named a MSSP Leader in Everest Group Report

Geert van der Linden
Date icon September 6, 2021

Capgemini has continued to make significant investments to ensure its customers are able to...

Cybersecurity

Cybersecurity: the linchpin of sustainable infrastructure

Geert van der Linden
Date icon July 7, 2021

It’s critical that infrastructure organizations mitigate these risks by placing cybersecurity...