As soon as the iPhone 5s was released last fall we ripped it apart and took a closer look, specifically at Touch ID. We had a hunch that Touch ID was paired to individual hardware even back then. An updated iOS security document issued by Apple looks to confirm our suspicions.
While the iOS security document goes into detail about Secure Enclave, what it is, and how it works, the part we find most interesting is as follows:
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Apple's statement means that when a Secure Enclave is manufactured, it gets a unique identifier that is then paired with another identifier on a specific device. The result is a hardware lockdown of Touch ID that locks out tampering of any kind.
In our initial teardown we were able to verify that a Touch ID sensor swapped from one iPhone 5s into another caused Touch ID to immediately stop working. Setup attempts failed and, in some cases, Touch ID completely disappeared from the Settings panel. Swapping the Touch ID sensors back into the iPhones they came in remedied the problem instantly.
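The following is an added, simplified model of the behaviour described above, not Apple's implementation and not code from the teardown: a per-boot memory key tangled with a fabrication-time UID, and a sensor that only works with the enclave it was paired to. HMAC-SHA256 as the tangling step, the challenge-response pairing check, and the names `Enclave`, `Sensor`, `provision_sensor` and `swap_test` are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def tangle(uid: bytes, value: bytes) -> bytes:
    # Stand-in for the hardware tangling step (assumption: HMAC-SHA256).
    # The output depends on the UID, but the UID cannot be recovered from it.
    return hmac.new(uid, value, hashlib.sha256).digest()

class Enclave:
    def __init__(self) -> None:
        self._uid = os.urandom(32)  # provisioned at fabrication, never exported
        self.boot()

    def boot(self) -> None:
        # A fresh ephemeral key on every start-up, tangled with the UID.
        self._memory_key = tangle(self._uid, os.urandom(32))

    def memory_key_id(self) -> str:
        # Hash of the key, exposed only so the example can compare boots.
        return hashlib.sha256(self._memory_key).hexdigest()

    def provision_sensor(self) -> "Sensor":
        # Hypothetical factory step: the sensor gets a key bound to this UID.
        return Sensor(tangle(self._uid, b"sensor-pairing"))

    def accepts(self, sensor: "Sensor") -> bool:
        nonce = os.urandom(16)  # fresh challenge, so replies cannot be replayed
        expected = hmac.new(tangle(self._uid, b"sensor-pairing"),
                            nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sensor.respond(nonce))

class Sensor:
    def __init__(self, pairing_key: bytes) -> None:
        self._key = pairing_key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

def swap_test() -> dict:
    # Two constructed devices, each with its own factory-paired sensor.
    phone_a, phone_b = Enclave(), Enclave()
    sensor_a, sensor_b = phone_a.provision_sensor(), phone_b.provision_sensor()
    return {"original": phone_a.accepts(sensor_a),
            "swapped": phone_a.accepts(sensor_b),
            "restored": phone_b.accepts(sensor_b)}
```

In this model the swapped sensor is rejected because its key was derived from a different UID, and calling `boot()` again yields a different memory key on the same device.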
The entire security piece from Apple is an interesting read and goes into detail not only on the workings of Touch ID but also on other facets of iOS, such as iCloud Keychain data protection and more. Hit the link to check it out in its entirety and then let me know how you feel about iOS security. Do you feel Apple does more than other companies in terms of protecting your data? Do you still not trust iCloud? Why or why not?