This is going to be a big game changer for 2 factor authentication. No longer will you have to deal with a series of numbers, but should be able to just auth with your phone.
To ask a silly question - how? 2FA apps like Authy don't communicate with the service they provide for. An app per 2FA application would be extremely clunky.
I'm still creeped out by Touch ID (not this opening up, just Touch ID in general): The recent Snowden files revealed that the NSA actively searches for and indexes pictures of faces and fingerprints.
I doubt this is 100% secure (since all the code, including the TouchID code, can be updated in iOS updates, you can add a leak function to a future iOS update).
When that happens, an attacker can nicely cross-reference your fingerprint with all the other data.
Just like you don't store a plaintext password, neither does TouchID store your fingerprint as anything recognizable - it's stored as a hashed and salted representation of your fingerprint. I'd venture to guess that it's device specific too, I doubt that your fingerprint hash stored on one phone is identical to the same fingerprint hash stored on a different phone.
I think there is reason to doubt that TouchID stores your fingerprint as a hash. Let me elaborate:
Even after the initial priming phase, TouchID continues to learn and adapt to your fingerprints. So during priming, you could always place your finger flat on the sensor, and then after that, during usage, you can continuously use different parts of your finger, and if at least a part of your finger overlaps with a previous image of your finger, TouchID unlocks the device and - crucially - it continues to learn those new angles of your finger.
This indicates that TouchID internally aggregates an image of your fingerprint during actual usage. Now to merge those images together, you have to compare previous images with the new image, to find a common section. And you can't do that if you have only got a hash of the previous image.
I think therefore just by looking at its operation from outside, we can infer TouchID stores a fingerprint in a way that it can reproduce the fingerprint itself.
So how do they internally aggregate an image of your fingerprint during actual usage, then?
Also, hash plus salt together is info that identifies a fingerprint. Why shouldn't it be possible to leak that info? Once you have it, you can apply it to your existing database of fingerprints to get matches - no actual fingerprint image needed...
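The argument in the comment above (a matcher that accepts partial or noisy readings cannot work from a cryptographic hash alone), shown as an added example that is not from the thread and not Apple's code. It assumes a toy model in which a fingerprint template is a constructed 256-bit vector; `BITS`, `THRESHOLD` and every function name are hypothetical.

```python
import hashlib
import random

BITS = 256       # size of the toy template (assumption, not a real format)
THRESHOLD = 40   # max differing bits still accepted as the same finger (assumption)


def salted_hash(template: int, salt: bytes) -> bytes:
    """Salted SHA-256 of a template, the way a password would be stored."""
    return hashlib.sha256(salt + template.to_bytes(BITS // 8, "big")).digest()


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two templates differ."""
    return bin(a ^ b).count("1")


def noisy_reading(template: int, flips: int, rng: random.Random) -> int:
    """Simulate a second scan of the same finger: flip `flips` distinct bits."""
    for pos in rng.sample(range(BITS), flips):
        template ^= 1 << pos
    return template


def hash_match(enrolled_digest: bytes, reading: int, salt: bytes) -> bool:
    """Exact comparison: all a verifier can do if it kept only the digest."""
    return salted_hash(reading, salt) == enrolled_digest


def template_match(enrolled: int, reading: int) -> bool:
    """Fuzzy comparison: needs the enrolled template itself, not its hash."""
    return hamming(enrolled, reading) <= THRESHOLD


def demo() -> dict:
    rng = random.Random(7)                       # fixed seed: constructed sample data
    salt = bytes(rng.getrandbits(8) for _ in range(16))
    enrolled = rng.getrandbits(BITS)             # constructed "enrolled finger"
    same_finger = noisy_reading(enrolled, 10, rng)
    other_finger = rng.getrandbits(BITS)         # constructed unrelated finger
    digest = salted_hash(enrolled, salt)
    return {
        "hash_accepts_same_finger": hash_match(digest, same_finger, salt),
        "template_accepts_same_finger": template_match(enrolled, same_finger),
        "template_accepts_other_finger": template_match(enrolled, other_finger),
        "template_distance_same_finger": hamming(enrolled, same_finger),
    }


if __name__ == "__main__":
    print(demo())
```

The ten flipped bits leave the templates close enough for the fuzzy matcher, while the salted digest of the second reading no longer equals the enrolled digest.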
The security behind TouchID and the secure enclave in the A7 chip is pretty damn mind boggling and unprecedented. The pains Apple has gone through to secure your fingerprint and things like that are just amazing for a consumer product.
Apple sent out at least 1 update to TouchID as part of a regular iOS update. In my view, from a few miles up, the fact that you can update TouchID doesn't instill a lot of confidence in this tech. Apple can change its workings, and it can also interface with TouchID from outside in order to update it.
Would you care to elaborate why you're still sure that Apple (or the NSA) couldn't change TouchID to send my fingerprints to an outside server?
Do you have a link to the touchID update? Because there's touchID the software, and touchID the hardware. The software interfaces with the actual circuitry but can still only basically say "can you please encrypt this?" and "can you please decrypt this", in addition to saying "hey was that fingerprint valid?" - that's it.
Even the OS-level software doesn't have access to fingerprint data. Heck, even the physical WIRES that connect touchID to the secure enclave in the A7 chip are encrypted, so someone couldn't just hook up to the circuit board and read your fingerprints.
Why does it scare you that they put out an update to change how they work with what is essentially irreversible hashes of the original high resolution scan of your fingerprints?
Because those hashes, when leaked to an outside party with a big database of fingerprints (say, the NSA), can easily be combined to find matches in that database and identify somebody. Hashes don't solve all the problems, cmelbye, the identifying info is still there!
If the NSA gets access to your phone, there are hundreds of easier ways to identify who you are than having to go through the schlep of reconstructing your fingerprint.
I'll be interested to see how this is used. I've never liked biometrics as a password, as once it is compromised, it cannot be changed. They are much more useful as a username, in my opinion. Does anyone here have any specific uses in mind?