Apple reveals inner workings of iPhone 5s Touch ID scanner

The consumer electronics giant explains how Touch ID keeps users' fingerprints safe.

Apple has published a white paper that reveals exactly how the Touch ID biometric scanner works on its latest iPhones.

The company has shared information regarding how Touch ID keeps biometric data private in an updated security document. It posted the PDF to its iPhones in Business microsite.

The feature works by using what Apple calls a "Secure Enclave". This generates and communicates encrypted temporary information to the rest of the phone, ensuring that fingerprint data is left unexposed to the rest of the system.

Secure Enclave only stores data from scanned prints and not the actual images. With the secure boot process, the Enclave, a co-processor inside Apple's A7 chip, verifies and signs data independently of other iOS software and hardware. Apple said even if a device is compromised the data held in the Secure Enclave is completely inaccessible.

"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space," the document said.

"Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter."

 And while the A7 processor deals with data from Touch ID, this information is encrypted by the scanner, making it unreadable to the rest of the phone. Only Secure Enclave can authenticate the data.

"It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave," the document reads. "The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption."

Researchers at FireEye recently published a post about how keyboard presses, physical button presses, and TouchID interaction can be tracked on iOS devices, even if they are not jailbroken, with a simple monitoring app. The researchers said this information could be used to mount an attack on such a device and get access to the devices's input data.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021
Apple opens all US stores for the first time in a year
business transformation

Apple opens all US stores for the first time in a year

2 Mar 2021
Malicious ‘dependency confusion’ packages are stealing password files
hacking

Malicious ‘dependency confusion’ packages are stealing password files

2 Mar 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021