This is how Touch ID and the Apple A7 processor keep your iPhone secure

Apple security document confirms that Touch ID is indeed tied to hardware

As soon as the iPhone 5s was released last fall, we ripped it apart and took a closer look, specifically at Touch ID. We had a hunch that Touch ID was paired to individual hardware even back then. An updated iOS security document issued by Apple looks to confirm our suspicions.

While the iOS security document goes into detail about Secure Enclave, what it is, and how it works, the part we find most interesting is as follows:

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.

Apple's statement means that each Secure Enclave gets a unique identifier when it is manufactured, and that identifier is then paired with another identifier on a specific device. The result is a hardware lockdown of Touch ID that locks out tampering of any kind.
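A minimal model of the mechanism in Apple's quoted statement, added here as an illustration and not taken from Apple's document or code: a per-boot ephemeral key is combined with a chip-private UID, and the result protects the enclave's memory. HMAC-SHA256 stands in for the hardware "tangle" step and a keystream plus MAC stands in for the memory encryption; both are assumptions, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


class EnclaveModel:
    """Toy model: a UID fixed at 'fabrication' plus a per-boot ephemeral key."""

    def __init__(self):
        # Stand-in for the fused UID: never returned by any method.
        self.__uid = os.urandom(32)
        self._mem_key = None

    def boot(self, ephemeral=None):
        # A fresh ephemeral key on each start-up (the demo can pin it).
        ephemeral = ephemeral or os.urandom(32)
        # "Tangle" (assumed stand-in): HMAC-SHA256 keyed by the UID.
        self._mem_key = hmac.new(self.__uid, ephemeral, hashlib.sha256).digest()
        return ephemeral

    def _prf(self, data):
        return hmac.new(self._mem_key, data, hashlib.sha256).digest()

    def _keystream(self, nonce, n):
        blocks = (self._prf(b"enc" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def seal(self, plaintext):
        nonce = os.urandom(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + self._prf(b"mac" + nonce + ct)

    def unseal(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(b"mac" + nonce + ct)):
            return None  # wrong chip or wrong boot: memory key does not match
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


def demo():
    a, b = EnclaveModel(), EnclaveModel()
    eph = a.boot()
    page = a.seal(b"constructed sample: enrolled template")
    same_boot = a.unseal(page)
    b.boot(eph)                    # different chip, same ephemeral key
    other_chip = b.unseal(page)
    a.boot()                       # same chip after a restart
    return same_boot, other_chip, a.unseal(page)
```

Knowing the ephemeral key alone is not enough: without the chip's UID the derived memory key differs, and a restart invalidates whatever the previous boot encrypted.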

In our initial teardown we were able to verify that a Touch ID sensor swapped from one iPhone 5s into another caused Touch ID to immediately stop working. Setup attempts failed and, in some cases, Touch ID completely disappeared from the Settings panel. Swapping the Touch ID sensors back into the iPhones they came in remedied the problem instantly.

The entire security piece from Apple is an interesting read and goes into detail not only on the workings of Touch ID but other facets of iOS such as iCloud Keychain data protection and more. Hit the link to check it out in its entirety and then let me know how you feel about iOS security. Do you feel Apple does more than other companies in terms of protecting your data? Do you still not trust iCloud? Why or why not?

Source: Apple

Allyson Kazmucha

Help and how to editor for iMore. I can take apart an iPhone in less than 6 minutes. I also like coffee and Harry Potter more than anyone really should.


Reader comments

24 Comments

Wow, no offense but the entire article is interesting, not just that one paragraph. It's fascinating the depth to which they go to keep everything secure. Quite interesting & eye opening. I knew iOS & the hardware was complicated but had no idea how complex it really is.

Nice corporate response, shell out another 80 bucks because the profit margins on those phones are so small they cannot afford a larger warranty period.

Let's assume I don't have AppleCare+, what happens then?

Thank you, but you mean to say that in some countries Apple has a flat fee for repair of out of warranty phones. Everywhere else you need the services of independent companies, which BTW, happens to be the majority of countries where Apple sells phones. So, to be specific, can an independent company fix a Touch ID button?

Assuming you don't have AppleCare+ because you didn't want to shell out $80 (as mentioned above - and I didn't either) I'd say you also couldn't afford or want to pay another independent company to replace the hardware even if it was possible (which I doubt it is). It would likely be far more expensive. You'd probably be best contacting Apple for a definite answer though. Likely, you'll just need to resort to using a PIN code instead and forget about replacing the Touch ID hardware.

"Do you feel Apple does more than other companies in terms of protecting your data? Do you still not trust iCloud? Why or why not?"

Your Apple ID is your key to Apple's whole infrastructure now and presumably into the future. iTunes Store, App Store, iCloud, etc. etc. etc. So it is extremely important, from a business perspective, for Apple to keep your Apple ID and password as secure as possible.

It really looks like Apple is taking things step-by-step, carefully laying the groundwork, relentlessly preparing their mobile hardware for an eventual disruption of retail store point-of-sale. They've already rolled out a complete no-cashier payment system in their own Apple Stores. EasyPay works perfectly in the Apple Store app. It's just a small matter of programming to add EasyPay to Passbook.

Maybe we'll see retailers getting on the bandwagon this year. And maybe iOS 8 will have some expanded e-wallet features. This is how it would go. iOS 8 beta is distributed to developers at WWDC14 this summer with some kind of EasyPay API. One or more major nationwide retail chains will be announced as the first to use the new feature. "One tap checkout. In real life."

Then developers will have 4 or 5 months to incorporate that feature into other retailers' apps before the holiday season. Retail stores will install the required hardware: iBeacons for marketing and in-store analytics, Wi-Fi for transmitting purchase transactions, servers for processing transactions and for inventory control (turning off the alarm when purchased items pass through the sensor "gate"), and of course their own apps with optional Passbook connectivity.

All of which just might depend on your Apple ID. None of which is worth anything unless Apple keeps TouchID absolutely secure.

Recent events have taught us all that Apple and security are two words that do not go together. Unless they can profit on security, it's not a priority for Apple.

And, of course, Samsung's hasty copying just might get them in big trouble, security-wise. They have apparently opened up the S5's fingerprint scanner to developers.

Oopsies! Tech Crunch has blogged about it.
Go ahead and Bing it.

This is a big issue for Samsung. While I would love to have Touch ID able to do even more system wide, I recognize the risk that creates and am glad that my fingerprints are secure.

Sent from the iMore App

After resetting, or turning the phone off, not sleep, you still have to enter a code. Touch ID will not work. They should change this.

Sent from the iMore App

It's interesting that Apple would put that much effort into it. It's definitely an added plus. And they didn't have to brag about it.

Sent from the iMore App

I could guess in one shot Scamsung didn't go through these measures of security for their fingerprint scanner...

Nexus 5... enough said

I remember when Touch ID was announced and the media went crazy with speculation about how Touch ID could be hacked and your fingerprint could then be released out into the wild. Something tells me this article will not be covered with so much enthusiasm by the media. Not to mention I've seen very little discussion about the security of the implementation that Samsung is using on its new fingerprint scanner.

I've got to be honest, I was surprised to hear that Apple was going to use fingerprint technology in its products, because I assumed that iris recognition is more secure and would be a tidier option to implement through the front-facing camera, and then Apple could've gone completely bezelless on the iPhone and maybe could've gone see-through too. Now I am positively dreaming.

Don't like the idea of shining light into my eyes so that an iris scanner can get a lock onto my eyes... Just like any other company, Apple has to worry about usability and convenience, thus, fingerprint scanner.