Apple’s new fingerprint sensor, known as Touch ID, has been received with both skepticism and awe. This is the first time biometrics has been used in a very popular device, but it still raises the question of how secure it will prove to be.
Now, the Cupertino-based tech giant has released a statement that aims to clarify some of the security concerns around Touch ID.
A spokesperson explained that the Touch ID doesn’t store any actual images of user’s fingerprints – so in a nutshell, it can’t be used to tie a name to their fingerprint. Apple also said that it won’t hold a database of people and their fingerprints. Fingerprints are represented by a digital signature which is encrypted and stored in the A7 chip within the device itself, and this cannot be accessed either by apps or Apple itself.
In practice, Apple believes that even if someone were able to gain access to the A7, they wouldn’t be able to reverse engineer the digital signatures to create an image of the fingerprint. This means that there’s no way for hackers to unlock the phone, make iTunes, iBooks, and App Store purchases, or worse, steal someone’s identity.
Also, Apple points out that even if Touch ID is in play, passcodes should still be in place for a backup. The passcode will be the only thing that activates the phone when its rebooted or hasn’t been unlocked for 48 hours. Apple’s representative explained that this feature was designed to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.
Touch ID is not 100 percent accurate however, even though Apple claims that it is a vast improvement on the old fingerprint scanners found on laptops that often required multiple finger swipes before they recognized users. Still, the technology does have some drawbacks – such as having trouble reading moist fingers, be they sweaty or laden with lotion or other types of liquid. The fingerprint reader also has trouble with scarred fingers, so anyone afflicted by this is advised to use another, non-scarred finger.
But even though Apple is doing its best to assure people that Touch ID is secure, there are some who can’t seem to shake off the feeling that this is a trap.
How can people be sure that images of fingerprints aren’t taken, rather than being translated to a digital signature? Did the NSA help Applecreate this security sensor? And if Apple doesn’t store your digital signature anywhere other than the A7 chip, how can it be used to authorize iTunes payments? Won’t Apple need a comparison point to determine if the purchase is being made legally?
Apple hasn’t really clarified much in its new statement regarding the Touch ID’s security, all its done is to raise even more questions. Still, come September 20, no doubt there will be thousands of fanbois lining up to purchase the iPhone 5S, because even if there are lots of security issues, in their eyes Apple can do no wrong.