Discussion on the security of iOS fingerprint Touch ID

At the launch of the IPhone 5s, Apple unveiled a new fingerprint identification security technology, the Touch ID, that pioneered the next chapter in the use of biometric security technology on portable devices. Since then, Apple has brought this technology to the IPAD. No previous manufacturers have successfully built fingerprint identification on such commonly used devices, because of the complex process and technical difficulties involved. Apple acquired technology-leading Authen TEC as a technology base in 2012 and has built Touch IDs for iOS devices. This makes Apple smarter and more usable in fingerprint identification of smart devices than other vendors. Samsung's fingerprint recognition function must swipe in a certain direction with your finger, and Touch ID can read your fingerprint 360 degrees by simply putting your finger on it. So is the Touch ID really safe enough? This is a question worthy of discussion.

The security of Touch ID compared to normal password

One person's fingerprint is one of the best passwords in the world. It is unique, highly specific, and does not require memory. It will accompany people for life, so you can always use the same fingerprint password.

Compared to the simple 4-bit digital lock screen password one out of 10,000 of the crack likelihood, can find the same single fingerprint of the probability of one out of 10,000, which is very safe, compared to the former I can keep trying, Touch ID fingerprint hard crack odds almost no, because there is no more than 50,000 people queued to one by one unlock your device, Moreover, Touch ID will reject the fifth attempt and ask for a password. So we can add more complex passwords instead of simple digital passwords to further improve security.

Apple said in the conference that before the Touch ID launch, because every time the unlock is cumbersome to enter the password, the number of people using the lock screen password is less than 50%, but after this, the IPhone 5s users the probability of using the lock screen password greatly increased, because Touch ID easy to use, So instantaneous unlocking makes it almost impossible for a person to feel the presence of a lock screen password.

This is actually a very good situation, and Apple's contribution at this point is that it makes the iPhone more secure in general by allowing users who have never used to protect their data security habits to start adding passwords to keep their data safe. The reason for all this is that Touch ID is both reliable and simple.

As you can see, Touch ID makes the phone lock more secure and reliable than ever.

Fingerprint crack possibility

Can the fingerprint password be cracked? Basic all passwords can be cracked, but the difficulty is different. Someone has successfully cracked the Touch ID, relying on a fingerprint model. Should ordinary people be worried about this? The answer is no, because this model requires a high level of technology to build, and still has a high failure rate, but Touch ID only allows to try not more than 5 times, so the fingerprint model must be extremely sophisticated and realistic, but no one is willing to pay such a price to unlock the iPhone.

The principle of Touch ID fingerprint recognition

How does Touch ID identify fingerprints? In this fast identification process, a ring of metal on the Home button functions as a finger, notifying the Touch ID to read the fingerprint. Touch ID is placed in this button, the sensor is only 170 microns thick, with a high resolution of up to PPI, which can read very small fingerprint details. The sensor captures high-resolution images from some small portions of the skin's lower-layer fingerprint, which is then analyzed to classify the fingerprint according to three basic fingerprint types (arc, Chevron, or bucket), which will draw details that are not visible to the human eye and ensure that the fingerprint is read accurately.

Touch ID reads the fingerprint from a 360-degree direction, then creates a mathematical expression of the fingerprint and compares it to the registered data to determine if it matches. If it matches, you can override the password to unlock the device or pass a token.

In addition, according to Apple's official description, the Touch ID will continue to add new feature data to the registered fingerprint data, which will improve the matching accuracy over time, and further improve security.

In addition to the above, Apple can also add some effective means to further ensure security, such as the device to restart or remain locked for 48 hours, lost only through the password instead of fingerprint to unlock the device, which also eliminates the bad guys by constantly restarting to crack the possibility of fingerprints.

In general, Touch ID is a complete fingerprint recognition system with clear principles.

Security of fingerprint information data storage

Fingerprints are extremely important to everyone because they cannot be changed, so if you leak a fingerprint pattern, it is equivalent to losing a natural, powerful security code. The question is, is my fingerprint data secure on my iOS device and will iOS reveal my fingerprint image? These are the issues that we should be most concerned about.

First, Apple declares that the pattern of fingerprints will not be stored in the device is a mathematical expression of fingerprint features, and from these expressions directly anti-roll fingerprint image is not possible. Therefore, even if the device is lost and disassembled, it will not lose the fingerprint graphics.

Second, the fingerprint verification operation is independent of the main processor chip (such as A7, A8), the chip has a high-level security architecture called "Secure Enclave", dedicated to the password fingerprint data, and use secure Enclave private key encryption, and each boot with a random UID management. Fingerprint data can only be processed and used by Secure Enclave, because this architecture is independent of other device parts, it is used only with Touch ID and cannot be used to match other fingerprint databases, so stored fingerprint data is not accessed by IOS or other apps and is not stored in Apple Servers, or back up to ICloud.

These are Apple's official instructions. From the hardware of the fingerprint feature data can not be "Secure Enclave" and Touch ID other than the access to the device, and the two chips isolated from each other, all software does not have the right to obtain fingerprint data, can only get the fingerprint is wrong feedback. Because the core secret of the architecture is only known to Apple, there are few third-party software available to access this sensitive information. Thanks to the closeness of IOS and the strict constraints on the application, you can create the safest system.

So will Apple upload and use this data on its own? It is not in the official statement.

Security recommendations for use with Touch ID

Although the Touch ID is secure, it cannot be compromised on security. In addition to the most common physical anti-theft methods, the following security measures are recommended to protect personal data.

Stronger lock screen Password

Touch ID Quick Scan unlock eliminates the hassle of entering a cumbersome lock screen password, but allows the user to manually enter the password after multiple scans fail. At this point, if you have a simple password, not a simple 4-digit number, you can greatly improve security. This for my use, still does not increase the daily use of tedious.

Sign up for accurate fingerprints

It is recommended to use the thumb to enter the fingerprint, because here the fingerprint texture clear, the most suitable for scanning. It is recommended to clean your fingers and then enter your fingerprint to prevent errors in scanning. In the fingerprint edge of the interface, should be the edge of the finger as far as possible touch the Home button, to all aspects of the input fingerprint.

Although there are methods available on the web, it is possible to enter five fingers into a fingerprint while taking a fingerprint, but this will undoubtedly reduce the accuracy and may lead to increased risk of being cracked. Therefore, it is recommended to enter only one fingerprint at a time, currently IOS supports registering up to 5 fingerprints, you can arrange on your most commonly used finger.

Disable Touch ID when lost or stolen

After the iphone, ipad is lost or stolen, you should go to icloud.com/#find or "Find My iphone" on another device to turn on Lost mode, which disables Touch ID and only unlocks the device via a passcode. Eliminate the possibility of someone using cracked fingerprints to unlock the IPhone and IPad.

Avoid IOS Jailbreak

Although there is no clear explanation can be pointed out that the jailbreak device Touch ID mechanism can be a security risk, but because the jailbreak device permissions are very large, some cracked software and plug-ins may access to very confidential information, which will leave a great security risk. In addition, the jailbreak has become less exciting today as IOS continues to improve.

Security of Touch ID for iOS fingerprint recognition