
Apple’s Touch ID: A 500ppi Fingerprint Sensor Built Into iPhone 5S Home Button - cwilson
http://techcrunch.com/2013/09/10/apples-touch-id-a-500ppi-fingerprint-sensor-built-into-iphone-5s-home-button/
======
cwilson
Interesting quote: "It's never available to other software. It's never
uploaded to Apple's servers or backed up to iCloud."

I was momentarily worried the NSA fingerprint database was going to get a
whole lot bigger, but I guess not.

Edit: Obviously this could totally backfire and Apple could screw us all, just
reporting what was said.

Edit 2: Video is up detailing all of this a bit more:
[http://www.apple.com/iphone-5s/videos/#video-
touch](http://www.apple.com/iphone-5s/videos/#video-touch)

~~~
smikhanov
Why are you worried? Did you commit a crime recently or have an intention of
doing so?

Digitized fingerprints are being stored in the chips of electronic passports
of many EU countries. Every person applying for a visa to the US (to the best
of my knowledge) is required to have their fingers scanned. If this means that
the borders, for example, are better protected — sure, they can have my
fingerprints.

Even if Apple will collect and submit all fingerprints of all iPhone users to
the relevant authorities, this can only be good, not evil.

~~~
tspike
This is the 'nothing to hide' argument, and it's flawed. What if you're
falsely accused of a crime? There are many ways for such a system to be
abused.

What about a right to privacy? Taking fingerprints for a driver license or
passport is one thing, connecting a fingerprint scanner to a device that
tracks location and internet activity is entirely another.

~~~
snowwrestler
Apple and your mobile provider already know who you are, because you told them
when you created your iTunes account and mobile phone account.

------
daniel_solano
I used to think that fingerprint sensors were pretty cool, and even purchased
the option on a laptop some years ago. That was until I found out the relative
ease of duplicating fingerprints [1]. Now, I am wary of leaving my password on
everything I touch.

[1]:
[http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?langu...](http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en)

~~~
ryanwhitney
I enter a 4 digit password into my phone a hundred times a day. Standing
behind me at Starbucks is probably easier than dusting for prints and
recreating my thumb.

~~~
Zikes
And you're probably the only person in line to even bother with a 4 digit
password.

------
cwilson
This include's in-app password authentication alongside unlocking your phone
(no more entering your iTunes password!).

~~~
film42
My GF just said, "I can't wait for you to get the phone so I can install
instagram while you're asleep."

I really hope apple figures out a way to solve this problem. I just want to
point out that although this sounds sarcastic, there's some real concern here.

~~~
iamshs
Then go the normal way of entering password. It still works.

~~~
ebzlo
Someone above mentioned you could add multiple fingerprints as well. I'm
guessing this includes other fingers as well as other humans.

------
Gazk
This is great until someone removes your finger so they can access your phone.

~~~
trebor
I think that this would be easily detectable by testing capacitance. The steel
ring around the home button could potentially be used for that.

~~~
georgemcbay
A dead finger is the same as a live one as far as capacitance goes unless it
has been dead so long that all the moisture is gone, in which case you could
just dip it in water prior to the scan.

Having said that, the idea of losing a finger to access the device doesn't
really make much sense. You've got to incapacitate someone pretty well to take
their finger off, so you might as well just force them to touch the phone
while they are so incapacitated, unless you really like chopping off fingers.

~~~
trebor
Humans are pretty powerful conductors, are you sure that a sensitive
capacitance sensor couldn't tell the difference between a finger and a finger
attached to a body? I don't know it for a fact, but I'd be surprised if not.

~~~
georgemcbay
A garden variety capacitive sensor can't tell the difference between a human
finger and a hot dog.

How do you propose it would beyond attempting to measure the amount of
capacitance and mapping it to an accepted band? Attempting that is way too
fragile a solution due to variability in humans and local weather conditions.

And even if you did put in the effort for that, an attacker could still fairly
easily match the dead finger capacitance to the correct band pretty easily.

------
blisterpeanuts
I wonder whether this will generate a market for finger gloves etched with
custom fingerprints. You'd want one for your spouse, so they can use your
phone without needing you to finger it, for example. Probably it would come in
a kit that you could use to custom-etch your finger glove.

But if you lose it (the glove), I guess you are in trouble. Someone will find
it, upload the pattern to Facebook, and your fingerprint is now in the public
domain for the rest of time. Unlike a password, it's irrevocable.

Unless you could "edit" your fingerprint with some customized secret pattern,
etch that pattern to a finger glove, and then only that glove will unlock the
device, not even your plain fingerprint.

Or would some kind of capacitance sensor on the phone prevent the use of
gloves or other spoofs?

~~~
sgk284
You can add multiple fingerprints to the phone.

------
Theriac25
Relevant:
[https://twitter.com/janchip/status/377454752402903040](https://twitter.com/janchip/status/377454752402903040)

------
cwilson
I've read that in some cases fingerprints between left and right hands can
differ. I wonder if you can have more than one fingerprint stored on your
device?

~~~
meepmorp
> I've read that in some cases fingerprints between left and right hands can
> differ. I wonder if you can have more than one fingerprint stored on your
> device?

A fine question, but I've never heard of anyone having the same fingerprints
on their left and right hands. Is this actually something that happens with
any reasonable frequency?

~~~
uFb3prduWpbzCr
As an anecdote, my pinky fingers are similar enough to have digital
fingerprint readers reject them as "a duplicate finger", so I'm thinking the
idea is that they are supposed to be unique. I've gotten a few "I've never
seen it do this..." lines from the attendant and generally wind up leaving
with ink-covered fingers. I'm curious if this reader winds up having the same
issue.

~~~
meepmorp
That's what I was curious about, thanks.

------
danpalmer
I hope this works, but I'm skeptical for 3 reasons:

Reliability: I've seen so many broken home buttons, they need to solve this
problem otherwise many people won't be able to use it, and many will be put
off from using it. Also, what's the false-positive ratio, what's the false-
negative ratio?

Security: traditionally fingerprint sensors have been pretty terrible at
security given a photocopier and a few bits and pieces. You wouldn't need 10
attempts to get into the phone, you could theoretically get it in 1 if you
have the expertise. A passcode on the other hand, you have a much lower chance
of guessing that within 10 tries before a wipe. Also false matches are clearly
an issue here too.

Practicality: This is a combination of reliability and security, but also a
few other things. Siri takes ~1 minute to respond to my queries, I don't
believe this makes network requests, but if it has a big performance problem
or something similar, people won't use it. If my phone takes more than 3
seconds to unlock with a passcode it annoys me.

~~~
rimantas

      > Reliability: I've seen so many broken home buttons
    

Have you seen any on iPhone5? That was mainly iPhone 4's problem, iirc.

    
    
      > A passcode on the other hand, you have a much lower chance of
      > guessing that within 10 tries 
    

And peeking 4 digits passcode is even easier. Also, this scanner may be a bit
more sophisticated.

    
    
      > If my phone takes more than 3 seconds to unlock with a passcode it annoys me.
    

It's all in hardware. And that's iPhone 5S' hardware, 64bit and all.

~~~
danpalmer

      > Have you seen any on iPhone5? That was mainly iPhone 4's problem, iirc.
    

Fewer, but still yes.

    
    
      > And peeking 4 digits passcode is even easier. Also, this scanner may be a bit more sophisticated.
    

Very true, I'm looking at this less from a position of preventing a friend
from fraping you, and more from a business security standpoint where you would
hopefully shield a passcode, and probably use a longer alphanumeric one
anyway. Not sure that a fingerprint beats that.

    
    
      > It's all in hardware. And that's iPhone 5S' hardware, 64bit and all.
    

Of course, I don't think performance will be the issue, but I'm just hoping
that there _isn 't_ an issue with practicality. So many of Apple's things are
good in theory, and not usable in practice, at least for me. (iCloud CoreData
sync, Photo Stream, Siri, AirPlay, FaceTime...).

------
speedyrev
I had the Atrix with the fingerprint sensor. The thing that I liked was being
able to unlock the phone with one hand. But, the sensor was on the top back
center, right where your index finger naturally landed. It was really nice
when your hands were full.

------
yapcguy
What happens if you injure your finger in an accident?

Or the sensor has a hardware failure?

~~~
Splendor
Most likely it will default to a password at that point.

~~~
yapcguy
Right, but since you haven't used the password in months or years, you'll
probably have forgotten it by then.

------
owenfi
I wonder if iOS 7 supports 2 factor authentication (print + passcode)?

------
kyro
Security issues aside, I feel this is also Apple's way of one-upping Amazon's
1-click purchasing as more and more people are transitioning to commerce on
touch devices.

------
methodin
I imagine it'd be good for enterprisey companies - would have to be better
than "this exchange server requires a pin to unlock your phone" right?

------
luscious
Jailbreak device, steal fingerprints, spoof purchasing with valor!!

I'm sure they've put many hours and much thought in to this, but it won't be
nearly enough.

------
sandtrip
This is probably why they bought AuthenTec

------
dm8
It has lot applications beyond security.

------
JimmaDaRustla
I fear for my sanity if my GF buys another iPhone and complains that the
battery lasts even less.

