touch id
Latest
Apple details the security behind the Touch ID, and other news for Feb. 27, 2014
Apple has posted a document to its business site detailing the security features behind the Touch ID that was introduced on the iPhone 5s. This is the first time Apple has publicly revealed security features of the Touch ID, which could point to the fact that Apple may be considering opening up the fingerprint scanner to third-party developers at this year's WWDC. It's better to educate people beforehand on just how secure the technology is so that users will feel more comfortable when developers have access to it. The highlight of the Touch ID security features appears to be the "Secure Enclave," which is a coprocessor in the A7 much the same way the M7 is a coprocessor. As MacRumors notes: Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.... Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave. Given that the Touch ID seems much more secure than many thought, here's hoping Apple opens it up to third-party developers...just as Samsung has done with the new Galaxy S5. In other news: Apple has released a firmware update for the Mac Pro which allows the machine to enter Power Nap mode without running the fan. Apple has made sweeping changes to its iOS device management tools for Enterprise And Education. iOS 7.0.6, the version that fixed the SSL bug, has already been installed on 25% of iOS devices after just four days.
Tim Cook: Mobile payments was 'one of the thoughts behind Touch ID'
During Apple's earnings conference call yesterday, Tim Cook tipped his hand just a little bit when detailing the decision process underlying Apple's implementation of Touch ID on the iPhone 5s. "The mobile payments area in general is one that we've been intrigued with," Cook explained. "It was one of the thoughts behind Touch ID." While perhaps not the most astounding revelation on its face, it certainly is a step up from Cook's oft-used line that Apple creates products to "delight its customers." Cook's statement therefore provides a rare glimpse into Apple's strategic thinking. Rather than acquiring AuthenTec and implementing fingerprint authorization sensors willy-nilly, we've now learned that Apple has long had its sights on mobile payments. Though truthfully, this shouldn't come as too much of a surprise given the deluge of mobile payment-related patent filings Apple has made in recent years. In light of Cook's statement on mobile payments, it's worth highlighting a recent Wall Street Journal article that provided a few more details regarding Apple's interest in mobile payments. Eddy Cue, Apple's iTunes and App Store chief and a key lieutenant of Chief Executive Tim Cook, has met with industry executives to discuss Apple's interest in handling payments for physical goods and services on its devices, according to people familiar with the situation. In another sign of the company's interest, Apple moved Jennifer Bailey, a longtime executive who was running its online stores, into a new role to build a payment business within the technology giant, three people with knowledge of the move said. Tim Cook also added that mobile payments are "intriguing" and represent a "big opportunity" for the iOS ecosystem. As it stands now, Apple's Touch ID is only functional for unlocking a device and for authorizing purchases via the App Store. Perhaps with the release of iOS 8, that will soon change.
Apple's next cash cow could be your fingerprint
The mobile payments arena may not seem so big right now, but make no mistake: We're just seeing the beginning of a rapidly growing trend. Some estimates we've seen from market research firms put the future mobile payment market in the US alone at around $90 billion spent in 2017. Compared to that, the $12.8 billion spent in 2012 is just pocket change underneath the couch cushions. Apple's very much aware of the revenue potential in this category, and it's taking the possibility seriously. "Mobile payments in general is one [area] that we've been intrigued with, and that was one of the thoughts behind Touch ID." On today's quarterly earnings call, Apple CEO Tim Cook stated that people love to buy content using Touch ID, the fingerprint reader featured on the iPhone 5s. "Mobile payments in general is one [area] that we've been intrigued with, and that was one of the thoughts behind Touch ID," Cook said. "We're not limiting ourselves just to that." This is the first direct confirmation that mobile payments were at least on the table in some form when Apple began developing Touch ID. This wasn't a promise from Cook that anything will happen in the near future, but it seems as though Apple would be leaving a lot of money on the table if it sat on the opportunity.
Troubleshooting Apple's fingerprint reader
Owners of Apple's iPhone 5s either seem to love its Touch ID fingerprint reader or hate it with a passion. For some people (like myself), it works the vast majority of the time, while other people have told me they've given up on using Touch ID to unlock their devices. Over at Macworld, blogger Serenity Caldwell has written up a nice guide on how to troubleshoot issues with Touch ID and keep your frustrations to a minimum. To start with, Caldwell suggests that you use a set of good fingerprint scans or if you're having issues, to re-scan your prints. First, adjust your grip on the phone to match what you may do in reality. Many people lay the phone down while doing the scan, and then don't vary the angle at which they are making the initial scans. When they try using Touch ID in real-life conditions, holding the iPhone 5s at an angle, they get bad results. Caldwell then goes on to point out that you should store more than just one fingerprint in the device. You can save up to five -- I've actually scanned both thumbs and both index fingers, and rarely have an issue with Touch ID. Scanning multiple fingers also helps out in cases where you may have a cut on your normal "scanning finger" that may impede with good results. Finally, Caldwell points out that your finger must touch the metal ring surrounding the Touch ID sensor, as it helps the scanner recognize your print. So what should you do when Touch ID isn't working correctly for you? Think about the conditions under which you're using it. If your hands are really cold, Touch ID won't see your finger as being warm and conductive, and won't register a print. Likewise, be sure to dry your fingers well before using Touch ID. Water can interfere with scanning, and even having soaked your hands in water for a while will result in a different-looking fingerprint pattern. Touch ID won't work the first time you try after a restart of your device, if you fail a thumb scan more than five times, if you haven't used it to unlock your phone in more than 48 hours or when you try to change the Touch ID settings. All these are features built into Touch ID to keep thieves from easily hacking your device. Last but not least, Caldwell recommends that you make sure the Touch ID sensor is clean. Just use a clean cloth to rub it clean, and you should be fine.
Poll: How well does the iPhone 5s Touch ID work for you?
The iPhone 5s seems to be the best iPhone Apple has ever made, yet after a month of use, it's primary feature -- the Touch ID fingerprint scanner -- doesn't seem to be all that. To be sure, Touch ID seems to work reasonably well for a number of users, but there's a growing number of anecdotal reports (including from myself) in Apple's Support Communities that the Touch ID is hit or miss with an increasing number of false-negatives resulting in users having to re-code their fingerprints or even restore their iPhones completely. Here at TUAW we'd love to hear from you about your Touch ID experience. Take the poll below and feel free to elaborate in the comments. %Poll-85494%
Each individual Touch ID sensor will only work on one phone
When Apple first revealed the Touch ID fingerprint sensor, it was accompanied by a long and detailed explanation of how and where your fingerprint data is stored on the device -- in a special area on the iPhone 5s' A7 chip. But as iMore has discovered, locking your print details away in a dark corner of the processor isn't the only advanced hardware security measure that Apple has taken. It now appears that each Touch ID sensor is paired to its host device and won't respond if used elsewhere. After being contacted by a third-party iPhone repair and modification company that was having an issue getting a replacement Touch ID sensor working on a new iPhone 5s, iMore did some testing. They discovered that each Touch ID sensor, though appearing identical on the outside, will only work with the phone it came with from the factory, suggesting an additional security layer that Apple decided to not to disclose. But why pair the hardware components in such a way? Well, hackers are crafty, and while Apple insists that the fingerprint data is stored in a way that couldn't be reverse-engineered, if someone could tap into the conversation between the Touch ID and the A7 chip (possibly by spoofing the digital appearance of the Touch ID sensor) that information could be vulnerable. The chances that an individual could pull off such a feat is unlikely on its own, but by tying the sensor itself to one specific device makes it exponentially more difficult.
iOS 7 video tip: Associating Touch ID fingerprints with fingers
Today's iOS 7 video tip is for iPhone 5s owners who want to know more about Touch ID fingerprints. While the device simply stores fingerprints as "Fingerprint 1," "Fingerprint 2" and so on, you might want to know which finger corresponds to that title. We'll show you how, courtesy of the original written tip by Jeff Gamet of The Mac Observer. You can then edit those titles so you know exactly what fingerprint data is stored in each file, or even delete a fingerprint from Touch ID. As with all of our other video tips, this one can be set to full-screen for easier viewing.
AllThingsD reports October 22 Apple event
Red alert! Red alert! For anyone who has been anticipating a new iPad or perhaps a Retina display iPad mini, holding out for the release of the new Mac Pro or dreaming about the mythical iWatch -- the wait may soon be over. AllThingsD is reporting that Apple is holding an event on Tuesday, October 22 -- primarily for iPad announcements. John Paczkowski reports that the new Mac Pro and OS X Mavericks are probably on tap for the meeting, but the focus will be the fifth-generation iPad, rumored to have a thinner and lighter design similar to that of the iPad mini. And of course, the iPad mini might finally see that Retina display we've all been wishing for. Will those new iPads feature Touch ID for fast unlocking? We'll only know when the event takes place. Paczkowski also notes that October 22 is one day after Microsoft's new Surface 2 begins shipping -- so we're sure to hear some good snark from the Apple executives. It is also the same day as Nokia's Innovation Reinvented showcase. Fun abounds! Your TUAW metaliveblog team will be on hand to provide you with information and commentary as the announcements unfold. [Update: This was foretold to the world back in September, it seems]
Find which fingerprint is associated with Apple ID
Jeff Gamet at The Mac Observer posted a very helpful article today on how to identify which of your 10 fingers are linked to your Touch ID on your new iPhone 5s. He walks through the six steps necessary to differentiate which of the saved five fingers you use as your passcode. (You did use a finger, didn't you?) One caveat to this post though: You can "assign custom names to each fingerprint" by opening the Fingerprints screen, then tapping edit and tapping the name, which is listed as Finger 1 through Finger 5. Choose the one you want to rename and type away. This part of the tip is offered by The Mac Observer reader Nik Jones and tweeted by @mcelhern (Kirk McElhern). Thanks guys! If you need help setting up the Touch ID on your new iPhone 5s, Apple support has just the document you can read, iPhone 5s: Using Touch ID.
Oh look, another "easy" way to spoof Touch ID on the iPhone 5s
I'll be honest: I'm getting kind of tired of seeing words like "easy" and "simple" being used to describe the ridiculous how-to videos showing that it's possible to trick the Touch ID sensor on the iPhone 5s into believing you're someone you're not. The latest in what is sure to be a never-ending string of "me too!" hackers claiming they have figured out the best way to fool the iPhone is SRLabs, though I'm not seeing how this could possibly be categorized as "easy." Here's a list of the steps to pulling off this spoof (you can check out the process used by the Chaos Computer Club on our original article regarding the trick). First, snap a photo of a perfect print from the finger that will unlock the device. Without the victim knowing, of course. Use digital photo software to separate the print from the rest of the image and then "retouch as required." If your spouse or nosy friend has recently been taking Photoshop classes, this might be why. Print the image of the fingerprint on translucent plastic using black toner. Place the image of the print over a piece of photo-sensitive copper circuit board and then expose it to intense UV lighting. The folks from SRLabs used a face tanner for this. You have one or two of those laying around, right? Develop the circuit board in a bath of Sodium Carbonate Monohydrate or Potassium Carbonate. You know, just whichever one you have in the pantry. Etch the fingerprint into the copper by placing the copper board into an etching solution. Cover the print mold with graphite spray to help spoof the capacitive properties of a normal human finger. Cover the print in wood glue, let it dry, and then peel it from the mold. Oh, and the most important step of them all: Steal the phone from the victim, without them knowing it. If they find that their phone has been stolen, they can remotely wipe the device, which would mean you just did a lot of hard work for nothing. Then unlock the device. You only have a few attempts to do this correctly, because if you fail multiple times in a row the device will demand the numeric passcode and your plan is foiled. Easy! Right? RIGHT!? Seriously though, every time one of these groups comes forward with another slightly tweaked method for fooling Apple's top-of-the-line smartphone, I can't help but think how much easier it would be to just steal the phone in broad daylight and then torture the owner into unlock it themselves. If there's anything on your phone that would warrant someone to go through these insane steps to breach its security features, you should probably be using a 20-digit passcode and keep your phone within your grasp at all times. Touch ID isn't infallible, but it's better than a 4-digit passcode (which can be brute-forced in less than an hour or simply spied by someone peeking over your shoulder), and it's clearly better than no security at all, which is how many consumers use their phones every day.
Caturday: O'Malley unlocks with pawprint technology
Touch ID? That's soooo old-fashioned. All the cool cats are trying O'Malley's method of unlocking his human's devices using that amazing pawprint™ technology. It appears as if O'Malley has also found a fail-proof way of keeping owner Eric S from doing any work on his Mac. We'd love to see photos of your favorite feline soaking up the warmth of an Apple product, chasing a Magic Mouse, or just being a general nuisance while you're attempting to work on your Mac, iPad, or iPhone. Please let us know via our feedback page and please remember that your cat photo has to have some sort of connection to Apple or its products. For security reasons we can't accept inbound attachments, so you should host the photo (Dropbox, Flickr, iPhoto Journals, etc.) and send us the link. Many thanks to Eric S for sharing this photo with us.
The TUAW iPhone 5s Review: Two writers, two phones, one review
For the first time since the original iPhone was replaced by the iPhone 3G, we have a new iPhone (or in this case, a pair of new iPhones) taking the place of the previous generation rather than just acting as an upgrade. So, because of this unique circumstance -- and because we had multiple TUAW writers picking up the iPhone 5s on launch day -- we decided to do a special combo review, featuring the opinions of both Megan Lavey-Heaton (whose last phone was the iPhone 4s) and me, Mike Wehner (who is switching over from the iPhone 5). Enjoy! Megan: I never felt like my iPhone 4S was a shabby phone, even when the iPhone 5 was introduced. For the first time since I purchased an original iPhone, I was satisfied to wait out my two-year contract. Even at the very end, just before I handed my 4S over to the Apple Store employee to recycle, I tweeted that it was a good phone. Mike: To be completely honest, I didn't need a new phone. I was perfectly happy with my iPhone 5 -- aside from the fact that I wanted a bit more storage than the measly 16GB model that was the last available at my local AT&T on launch day -- and picking up the 5s was done partly out of curiosity and partly because I'm admittedly a sucker for the most powerful smartphone on the market. As I was already satisfied with the iPhone 5, I assumed the 5s wouldn't actually change the way I used my phone, but it turns out I was mistaken. Immediate impressions Megan: Damn, this phone is light. I was terrified of dropping the thing or accidentally flinging it across the room. It took me about a day not to miss the solid heft of the iPhone 4S in my hand. Second impression: This phone is so fast that it catches you off-guard, especially if you're coming from a 4S or earlier. It's like the first time you used a SSD MacBook Air after using traditional MacBooks. John Gruber compares using the 5s to using the MacBook Pros of five years ago, and it's a great comparison. The performance is just that good. In the past, I'd call up the Mail client and wait a minute or for the 100 or so emails that pop in on a weekday morning -- at least long enough for me to have a sip of coffee. Now, I barely reach for my mug, and my email is waiting for me. Apps that tended to take own sweet their own time to load, such as Tumblr, now do so immediately. The iPhone 5s is also my first LTE phone, and I actually had to double-check to make sure that it was switching over to the WiFi network when I went to work. The phone speeds were so fast that I didn't realize I wasn't on WiFi for a bit. Mike: The AT&T rep handed me the iPhone 5s while I was already holding my iPhone 5, and it felt like I was being handed a doppleganger of my old device. That's a long-winded way of saying that they look almost identical. The only difference between the two is the slightly recessed Home button on the 5s, which now features chamfered edges and a flatter center surface. To someone who didn't touch the "old" home button a hundred times each day, that might not seem like a very big change, but for the iPhone faithful it's actually a noticeable tweak. The new Home button seems to click louder and with more authority than the old one, which is actually a welcome alteration. That said, iPhone 5 owners won't be able to tell a difference in weight or dimensions, because there is none. Almost immediately upon actually playing with the device I noticed how speedy it is, even compared to my year-old iPhone 5. The thing is blindingly quick with just about everything. Icons respond immediately to touch and in apps or games where you need to drag items around the screen, there is no latency whatsoever. I know you're thinking "But my current iPhone doesn't have latency to begin with!" And I understand, because that's what I thought as well, but as soon as I had a few minutes with the 5s I realized how wrong I was. Is this a game-changer? Of course not, but it's nice to be able to notice a measurable upgrade in power right from the very beginning. This hasn't just brought an occasional smile to my face when messing around with menus, but it has actually made certain iPhone tasks less burdensome, and even enjoyable. For example, using Safari to browse the web while on the go was always a hassle. It's always been too slow and too unresponsive to be truly useful when I'm in a hurry. With the iPhone 5s and iOS 7's Safari, it's practically a treat. Checking comments on a TUAW story (which is something I frequently do when I'm away from my desk) was a two-minute task on my iPhone 5, but I can now whip through several stories in as much time as it took me to navigate to a single article on my old phone. Touch ID Megan: The scanner works as advertised. I programmed my thumb and off I went. It's extremely convenient. The only time the scanner hasn't worked for me was when I accidentally tried to unlock it with the wrong finger or when I hit the home button with the side of my thumb (an area that wasn't originally mapped). There's no time delay when using the Touch ID. It worked just as fast, if not a bit faster, than swiping and keying in a passcode. If anything, it's better because I don't have to stop and key in said passcode. But, I do like having that backup and have used it. If anything was a hassle about Touch ID, it was my fault, not the software's. Thanks to muscle memory, I'd automatically swipe to unlock the phone instead of using Touch ID. Once the passcode screen appeared, I remembered to use my finger. It's getting better, but it'll take a few days to undo six years of muscle memory. Touch ID is also used when you receive a notification on your lock screen. Touch the home button, and once the phone is turned on, you're sent to the location of the last notification to address it. I really wish you could just swipe to dismiss a notification from the lock screen, but that's an issue with iOS more than Touch ID. Mike: You set up the Touch ID to recognize one or more of your prints, and then rest your finger on the home button in order to unlock your device without using a passcode. It's extremely fast, and you can almost always unlock your phone with your finger quicker than you would by typing in a code. Simply put, I was shocked by how well it worked. Touch ID isn't sexy. At least it's not sexy in the way that "fingerprint scanner" makes it sound, and that's perfectly fine. When you place your finger on the sensor it doesn't say "scanning fingerprint" or anything of that nature, it just unlocks the device and takes you to the home screen. In fact, even if you mess up (like use a finger that's not set up for Touch ID) it doesn't even explicitly state that the print is wrong, it just says "Try Again." It's not flashy, it just works. Camera Megan: I was expecting a better camera when I moved up from the 4S, but I was blown away by how great the camera is. One of the first pictures I took was of the fountain outside work. It was my first time using burst mode and using the digital zoom that wasn't available on the 4S. The results were outstanding. The iPhone automatically determined which of the eight shots I took was the best, but it gives you a chance to choose another. With that, and subsequent tests of burst mode, the software did choose the best of the images. Burst mode happens so fast though that you suddenly have 8-10 shots taken before you realize it. Word to the wise: Make sure to clear your iPhone camera roll frequently if this happens, otherwise you'll run out of space quickly. I'm not a fan of digital zoom, but I am impressed with the results from the 5s. As you can see in the photo above, the a lot of detail is captured in the water spray. It only has that soft focus-feel to a digital zoom shot along the edge of the building in the background, and the photo isn't pixelated as I've come to expect from most digital zooms. I might actually use it now, at least some of the time. Likewise, the True Tone flash also lives up to its name. As you can see from the image above, the left was taken without a flash and the right with the flash on. The True Tone flash makes the cat's fur and my socks come out at the right colors without having to do any post-processing. But the low-light shot without the flash is equally as good, and I'm happy with both. I'm not a fan of using the flash, but if I need a fill light, I'll be more comfortable using this flash. I tested the slo-mo video while my husband washed dishes, and it's incredibly easy to use. Shoot the video, and in post-processing, you can adjust the sliders to slow down certain segments of the video. I wish you could slow down more than one segment of the video. Engadget observed that the slo-mo doesn't stick when you transfer the video to your computer, but it does if you upload to YouTube. I tried editing the video in iMovie on the iPhone, and likewise, the slo-mo doesn't stick there either or when I tried uploading to Facebook through the app. However, if I uploaded to Facebook by sharing from Photos, it retained the slo-mo. So, if you want to share those videos to YouTube, Facebook or Vimeo, you'll have to do it through Photos, which is a bit annoying. Mike: I'm not a huge camera snob, so I've been reasonably satisfied with just about every iPhone camera since the 4s. I take photos of the most obnoxious things -- like my cats, for example -- so if I'm not at some sort of tech event, where I'd be taking my DSLR anyway, just about anything will satisfy me. Now, with that said, the iPhone 5s camera is quite a drastic upgrade from the iPhone 5 in ways I hadn't expected, even considering how much Apple talked them up. Firstly, the lens works much better in low light, which is a problem that plagues just about every smartphone camera on the market. The camera on the iPhone 5s isn't perfect in this regard, but it's definitely a step up. Along with the addition of a dual-tone LED flash, taking photos in sketchy lighting is now a much more pleasurable affair. But what really impressed me about the new camera is the slow-mo 120fps video mode. I've only used it on a handful of things so far, but I can already tell I'm going to have a lot of fun with this. I'm a huge sucker for slow-mo videos, and at 120fps, the videos the 5s can produce are actually pretty stellar. You can select the section of the video you want to slow to a crawl and save clips to YouTube (or Vimeo or Facebook), which I've already done enough to annoy some Facebook friends. Battery Life Megan: I charged the phone to 100% on Friday night and by Sunday afternoon, it had fallen to 20%. This included a couple hours of playing Chillingo's Order Up to Go, a game that normally chewed through my iPhone 4S battery. In the same amount of time it took for the 4S to go from fully charged to gasping for battery, the 5s only used 10% of its battery. So far, this matches TechCrunch's observation of battery use. But, to get the best gauge on it, though, I need to take the phone through a normal work week. Mike: I started to get the feeling that my iPhone 5's battery life was beginning to decline, as many of them tend to after 12 months of practically non-stop use (I'm really, really hard on my mobile batteries). But even if it was, I don't think my iPhone 5, when new, had a battery that matches the 5s. Under normal use, the phone loses less than half its charge in a day's time, but under my own torture test I was able to drain it in 12 hours of gaming, constant fiddling, downloading, AirDropping, and so on. If you've been satisfied with the battery life stats of iPhones in the past, you should be perfectly content with the iPhone 5s. Verdict Megan: If you're looking to upgrade from a 5, unless you're itching for the better camera or Touch ID, stick with the phone you have. While the new features are fantastic, it's not enough to prematurely upgrade your phone unless you have the cash to spare. If you have a 4S or earlier, then absolutely go for the 5s. Mike: As a former iPhone 5 owner, I'm happy I made the upgrade simply for the additional power the iPhone 5s affords me. However, unless you're an avid player of the latest iOS games or absolutely can't wait an extra few seconds for a web page or email to render, you should be satisfied where you currently are. Touch ID is fancy and the new camera has some pretty cool new tricks, but these alone won't be enough to sway most current iPhone owners on their own. If you have an iPhone 4s or later, I'd recommend an upgrade just for the sake of being able to use the latest apps (since the two-year mark is where some developers begin to ignore the older phones and focus only on the latest models). Overall, it's a fantastic phone, but when compared to the iPhone 5, it is indeed an incremental upgrade.
Fooling Touch ID may be possible, but calling it 'easy' is a bold-faced lie
By now you've all probably seen the video that is currently making its way around the web claiming to show how easy it is to fool the Touch ID sensor on the new iPhone 5s. In it, a shaky-handed individual uses what appears to be a thin film of some sort to trick his phone into thinking he was using his correct finger, when in fact he wasn't. It's important to note that we're still waiting on the video showing the actual process -- which is obviously the more important part -- but for the moment we'll give the videos creators the benefit of the doubt. Easy? Ha! Certain corners of the tech blogosphere are reporting this as an "easy" trick, and even the original posting on the Chaos Computer Club website refers to the trick being pulled off "using easy everyday means." Again, assuming this trick is legitimate, let's take a look at the list of items are required to pull it off: A perfect print (on a reasonably flat and clean surface) from the correct finger needed to unlock the device. Superglue (which must be fumed to allow adherence to the print itself). A high-quality digital camera capable of capturing photos with 2400 dpi resolution. An image editing program to "clean up" the print and make it useable (and the knowhow to pull this off). A sheet of printable clear plastic. A printer that can both print in 1200 dpi and has a special "thick toner" setting. Liquid latex (or wood glue) along with a few drops of glycerine to smear over the printed image. You then have to breathe on the fake print to give it just enough moisture to be read. Oh, and you also need the phone itself, which you'll need to obtain without the target knowing (or they can remotely wipe the phone in an instant). If you're missing just one of these things, you're out of luck. On top of that, the iPhone 5s automatically asks for your passcode after five failed finger unlock attempts, and you can't proceed without it at that point. For extra security, it also has a setting that will wipe the device completely after 10 failed finger unlock passcode unlock attempts. You better make that print flawlessly the very first time, or it's game over. It's a fingerprint, not an iron cage As Apple noted at the iPhone 5s reveal event, the company's figures show that half of iPhone owners don't use any security measures on their devices whatsoever. Touch ID is designed to change that. Is Touch ID more secure than no passcode? Of course it is. Is it more secure than the standard 4-digit passcodes many people use (which can be brute-forced in less than an hour)? I'd argue that yes, it is. But if you're storing nuclear launch codes on your iPhone, you're probably going to want to go with the 20-digit code route or, you know, just not let your phone out of your sight. Touch ID is not faultless, and although using a finger you chopped off a friend isn't likely to work, there are techniques that almost certainly can fool it. Apple likely over-promised, with the talk of "sub-epidermal" scanning, but this doesn't mean biometrics is dead -- at least not anymore than my home door lock is dead because someone can photograph my key and then make a copy in 10 minutes at the local Walmart. It's a new security option, and it's an extremely convenient and secure one, even if your spouse has access to a high-end printer, liquid latex and takes Photoshop classes in her spare time. Stop worrying. Your text messages and Facebook updates are safe. [Image credit: gfairchild]
Talkcast 10pm ET: iOS 7, phone launch, touching the iVoid, and more
All-new dial-in experience! See below -- do not call into Talkshoe, we won't be there. Be sure to set up Fuze Meeting before the show if you want to join in live. It's Sunday, and it's time for the TUAW talkcast! If only we had anything to talk about this week... nah, just kidding. It's an iPhone launch to remember, and an iOS 7 introduction to boot. We've seen a frantic few days, with long lines and frazzled activations, not to mention an Apple TV update that had to be rolled back suddenly. Equally concerning, the German hacker group Chaos Computer Club claimed on Sunday that they were able to spoof a fingerprint to unlock the iPhone 5s via the Touch ID sensor. The process of capturing and manufacturing the fake print was somewhat involved, and of course once the spy print was made the hacker would still need to get access to your phone -- if phone and print were stolen simultaneously, you might have the hour or two of time before the fake print was ready to wipe your phone remotely. Gizmodo's Jesus Diaz suggested the real risk is that a jealous spouse might use this approach to spy on an iPhone 5s, which is an intriguing domestic drama in the making. Google's Tim Bray suggests that such a vulnerability is situational; in some cases, Touch ID is superior to a PIN, in other cases the converse. We'll discuss this development, plus more news, tips and tricks, and also wish two of our own a very happy birthday! (Steve and Victor.) Join us at 10pm ET, won't you? Reminder on new-style talkcasting: With some help from the fine folks at Fuze, we're using a new system to record the show. This should let everyone listen in live -- and, if you want, raise your hand as you would in the Talkshoe room to get unmuted and chime in. You can join the call in progress (meeting # is 20099010) at 10 pm ET from any computer via this link; if you download the Mac or Windows Fuze clients ahead of time, you'll get better audio and a slicker experience. Just click the phone icon to join the audio once you're in. Using an iPhone or iPad? Grab the native clients from the App Store and get busy. (Even Android users can join the party.) Still feel like using the conventional phone dial-in? Just call 775-996-3562 and enter the meeting number 20099010, then press #. While the Fuze web and native clients have a chat channel, we'd like to reserve that for host participants, requests to talk and other real-time alerts... so the full-on chat for the show will appear in this very post at 10 pm tonight. You'll need Twitter, Facebook or Chatroll credentials to participate in the chat. We'll remind everyone to check back in at that time. Your patience and forbearance with our new tech is appreciated in advance. For the time being, the podcast feed of the show will continue to originate from Talkshoe and should be there within 24-36 hours. See you tonight!
iPhone 5s fingerprint sensor gets completely misunderstood
This article from the Toronto Star, giving 10 reasons the iPhone 5s Touch ID fingerprint reader is a "bad idea," has been making the rounds over the past couple of days. It's been almost universally derided -- and rightly so, because it reads like it was written by someone who's never even held an iPhone before. [Want to help your friends and family grok the iOS 7 story? Send them a link to our Don't Panic Guide to iOS 7. --Ed.] While the level of out-there wacky on this story may be atypically high, the core issue is all too common; this is the sort of brain-dead article that always comes out any time an Apple product includes technology that's new, or not yet popular (as noted, fingerprint ID is neither new in general nor new on a smartphone). Someone in the media who knows nothing about tech consults a so-called "expert" who's never been in the same room with the device under discussion, much less held it in his hand, and we're "treated" to a conveniently-formatted Top Ten (reasons x) list of why (Apple technology y) will lead to the end of life as we know it. All of this has happened before, and all of it will happen again. That's what makes my job so much fun. Here's the Toronto Star's list, methodically ripped to shreds. 1. There is a video out there showing a cat being able to unlock the phone. How long before hackers crack the security function? If you deliberately go out of your way to set up Touch ID to allow your cat's paw to unlock your phone, then yes, this will work. You can also set up Touch ID to work with various human body parts and appendages which are also not fingers. Use your imagination... just don't use mine. The point is, you have to deliberately set up Touch ID to recognize your cat's paw print or your big toe, or whatever you're into. If you set up Touch ID to look for your thumb print but then put your cat's foot on the Home button, guess what happens? Your phone doesn't unlock. [To answer the second part of the question, "how long before hackers figure out a way to simulate a fingerprint," the answer may be: not all that long. --Ed.] 2. If Apple gets it wrong, it will set back the biometrics industry years. This article's "expert" consultant doesn't define what "getting it wrong" actually means. My question is, why so pessimistic? What if it turns out that Apple is the first entity to get biometrics right, and it moves the industry forward by several years? 3. This is a solution to a problem we don't have. A collection of similar arguments (no indication at press time whether this article's "expert" ever uttered any of these gems, though I wouldn't be the least bit surprised): My CD player is good enough! Why should I pay $500 for an MP3 player? My Blackberry is good enough! Why should I pay $500 for a phone without a keyboard? My netbook is good enough! Why should I pay $500 for a big iPod touch? 4. Apple is using fear to sell this product. Oh it is, is it? Here's Apple's marketing copy on Touch ID, available on its website: You check your iPhone dozens and dozens of times a day, probably more. Entering a passcode each time just slows you down. But you do it because making sure no one else has access to your iPhone is important. With iPhone 5s, getting into your phone is faster, easier, and even a little futuristic. Introducing Touch ID - a new fingerprint identity sensor. Put your finger on the Home button, and just like that your iPhone unlocks. It's a convenient and highly secure way to access your phone. Your fingerprint can also approve purchases from iTunes Store, the App Store, and the iBooks Store, so you don't have to enter your password. And Touch ID is capable of 360-degree readability. Which means no matter what its orientation - portrait, landscape, or anything in between - your iPhone reads your fingerprint and knows who you are. And because Touch ID lets you enroll multiple fingerprints, it knows the people you trust, too. BOOGA BOOGA! 5. Moisture on your fingers, or something like pizza crust, can slow or confuse the device. Guess what? Wet, pizza-encrusted fingers don't work really well on a touchscreen surface, either. Maybe you should wipe off your grungy paws before grabbing for the $500 portable computer in your pocket. Just because the iPhone's screen is oleophobic doesn't give you an excuse to coat your hands in Crisco every time you want to play Angry Birds. 6. Somewhere in your device will be your file so that it can take that information and reuse it. First of all, there's a dedicated "enclave" in the iPhone 5s processor that's used solely for the purpose of storing encrypted data related to Touch ID. Its only connection to the rest of the iPhone's hardware is a function to say, "Touch ID check OK/Fail." The notion that someone could grab this data via a Bluetooth connection is ludicrous Hollywood "hacking" BS. Second, the iPhone doesn't actually store fingerprint data in the first place. The iPhone 5s maps your fingerprint and converts that into a string of data (a one-way hash), then holds onto that chunk of data. The next time you put your paws on the phone, the same hashing process produces another data chunk; the two chunks -- not the two fingerprint images -- are matched up to allow access. In fact, assuming the hashing process works the same way as it does for existing iPhone passcodes, the fingerprint data is encoded in a way that's specific to that individual phone (salted). Copying it anywhere else would be useless. [Have we been hearing about hacker gangs remotely stealing iPhone passcodes via magical processes to use them elsewhere? No, we have not -- and if we had, it would almost certainly be via social engineering or visual spying as the phone is unlocked, both of which are impossible with Touch ID. –Ed.] Anyone who somehow managed to access the iPhone's Touch ID circuitry and extract the hashed data would just find a string of alphanumeric gibberish, not a 3D-printable set of whorls and ridges ready to be turned into a latex Mission:Impossible-style fake finger. My TUAW colleague Dr. Richard Gaywood, who knows a thing or two about this stuff, says turning that data back into a readable fingerprint "would be like taking a cake, eating half of it, smashing the rest up with a fork, then giving it to someone and asking them, 'How much did the whole cake weigh, and what message was written on the icing that was on top of it?' " Besides, why go to all that trouble? If someone has your iPhone, and they want your fingerprints, they can just use a little-known technique called "dusting for fingerprints" and physically pull your prints off the outside of the device. I understand various law enforcement agencies have been utilizing this technique for around a century and a half now. The common concern I've heard repeated often (sign of the times) is, "What if the NSA gets ahold of my phone? They'll get my fingerprints! And then they'll... they'll use them. They'll use my fingerprints to do their shady NSA stuff! YEEARGH!" I'm not concerned with the NSA getting fingerprints off my phone. That's because my fingerprints are on file with the FBI and have been for nearly 20 years. Thanks, US military! And you're welcome, NSA! I figured I'd make life easy for you (except the part where I moved to New Zealand, I suppose). 7. Anytime you get complex software, it can lead to problems. I honestly don't know what to say in response to this. I'm just basking in the glow of... whatever this is. I feel like this should be printed out in Helvetica Neue Light, white text on a black background, on the biggest poster anyone can find, and it should be hung in the atrium of Microsoft's world headquarters building. 8. This is targeted only for one market: People not concerned about security won't care. So what? They don't have to use it then. News flash: not everyone cares about smartphones, either. The people who don't care about them are still rocking out with "feature phones" that only make phone calls and send texts. That doesn't affect the rest of us, who are playing video games and reading books and shooting high-definition video on our cellphones. ["People not concerned about security" should be a pretty small group. Many, if not most, iPhone users don't put a passcode on their phones at all. This is, frankly, dumb and dangerous -- your pocket computer holds a lot of personal information about you and your family, and it should be protected just like your Mac or PC. Moreover, you can't use Apple's new Activation Lock security feature without a passcode. Touch ID means that those folks who weren't using a passcode due to the lag and inconvenience now will have fewer excuses. –Ed.] 9. Expected technical difficulties with a new product. "I don't think it's going to be welcomed because it's not going to be technically as effective as they thought. The technology is not yet good enough." My Twitter timeline -- and every review of the device I've read so far -- strongly disagrees with this sentiment. Every bit of feedback I've seen suggests that Touch ID, like so many other things associated with Apple, "just works." The above statement reads like it was written by someone who had yet to handle the device and is simply scoffing at the functionality in the interest of being deliberately contrarian. 10. People will use it initially, but the novelty will wear off. "People are going to start to use it in the beginning and then stop using it because of the time delay." Again, reports from people who have actually used Touch ID suggest there is no time delay associated with using it. It's certainly faster than entering a passcode multiple times per day, which is why the feature was introduced in the first place. No one is saying you have to use Touch ID. It's optional. Siri has been out for two years, but even though I use it all the time, I don't know anyone else in the real world who uses it on a day-to-day basis. But it's there if you want to use it -- just like Touch ID. That's the whole point... one of many the linked article's writer and interviewed "expert" seems to have missed.
The first person to hack Touch ID is going to make a lot of money
Apple's iPhone 5s, which sports the fancy Touch ID fingerprint sensor, hasn't launched yet, but there's already a reward for being the first person to successfully hack it. The aptly named IsTouchIDHackedYet.com is tallying the names of everyone who has pledge money to the individual (or team, I suppose) who can successfully lift a fingerprint from an object and then use that print to unlock an iPhone 5s using Touch ID. As you can see by the list on the website, there's a whole lot of cash to be gained. Of course, it's up to each individual pledger to follow up with the payment, though with Chicago's IO Capital tossing a cool $10,000 USD into the ring, you can (hopefully) count on good payday even if a few of the smaller donators chicken out.
iPhone 5c, 5s teardown by Australian repair shop
They're not due in the US until tomorrow, but it's already tomorrow somewhere in the world, and that somewhere is Australia. Well, that didn't make any sense, but the point is that some blokes at Sydney, Australia-based iExperts got their hands on some brand-new iPhones and did a teardown before the guys at iFixit were able to do the same. As usual, the devices are locked down with pentalobe screws and require the use of a suction cup to remove the screen. The team noticed that there's a special cable that connects the Touch ID sensor on the iPhone 5s to the charging port assembly -- not sure of the reason, but I'd speculate that it's for grounding the sensor when the iPhone is docked and charging. The batteries on the new devices have higher capacities than the one on the iPhone 5 (5.45 Whr), with the iPhone 5s coming in at 5.92 Whr and the iPhone 5c at 5.73 Whr. Those batteries, according to iExperts, are made by Apple Japan, something they've never seen before on iPhone batteries. The logic boards for the new iPhones are quite compact in comparison to the one in the iPhone 5, and iExperts noted that the 5s and 5c boards share a similar design. The team also marveled at the "incredible functionality for such little circuitry" found in the Touch ID sensor on the 5s (below). If you're one of those people with an iPhone 4, iPod touch, iPod nano (sixth generation) or iPhone 5 that had a power switch failure, you'll be happy to know that the switch assembly has been changed in the new iPhones. The iExperts team will be posting more information on the chips located on the logic board later, so be sure to visit their site to get more information as the day rolls on.
Why a disembodied finger can't be used to unlock the Touch ID sensor on the iPhone 5s
When a lot of folks think of fingerprint-scanning technology, they often assume there's a single way to do it, but nothing could be further from the truth. There are actually more than a half-dozen different technologies -- and combinations thereof -- that various devices employ to read prints, with varying levels of reliability, and yes, some of them would indeed work with a finger you chopped off of a dear friend, but the Touch ID sensor on the iPhone 5s isn't one of them. Based on what Apple has revealed regarding Touch ID and what the company's own patents have suggested, the sensor in the iPhone 5s utilizes two methods to sense and identify your fingerprint: Capacitive -- A capacitive sensor is activated by the slight electrical charge running through your skin. We all have a small amount of electrical current running through our bodies, and capacitive technology utilizes that to sense touch. This is also the same technology used in the iPhone's touchscreen to detect input. Radio frequency -- RF waves do not respond to the dead layer of skin on the outside of your finger -- the part that might be chapped or too dry to be read with much accuracy -- and instead reads only the living tissue underneath. This produces an extremely precise image of your print, and ensures that a severed finger is completely useless. This means that the Touch ID sensor should be remarkably accurate for living creatures, but it also means that only a finger attached to a beating heart will be able to unlock it. So, should someone run up to you, hack off your finger, grab your iPhone and attempt to unlock it, there's virtually no chance it's going to work. Once the tissue is dead -- which, in the case of someone chopping your finger off without your consent, should happen within a matter of minutes -- two things will happen. First, the finger will lose all electrical charge and will fail to even activate the sensor, and secondly, if by some chance the sensor could be artificially activated, the RF reader that is searching for a print will find no living tissue and fail, leaving the device locked. It's important to note that in order to utilize Touch ID you must also set up a passcode, which acts as a back-up method to unlock your device. If someone really wanted to break into your device, chances are they'd be able to obtain your passcode more easily than actually slicing off a finger. However, if by some miracle the person snatching your finger had a compatible human host waiting for your finger to be transplanted onto their body -- and if they managed to complete the procedure before the tissue died -- you might have cause for concern. Oh wait, that's utterly insane, so no, you have nothing to worry about.
Comparing the iPhone 5s fingerprint scanner and older technologies
Since Apple unveiled the new Touch ID fingerprint scanner on the iPhone 5s a few days ago, the internet has been awash in, frankly, horrible reporting about its ability and consequences. One thing repeated over and over again is that fingerprint readers are buggy, prone to breaking after 500 scans and difficult to use because you have to place your finger on it just right. And all that is true... for fingerprint readers back in 2003. That's when I first used a fingerprint reader that was built into a Windows laptop. It was horrible. Half the time, the fingerprint reader wouldn't recognize my finger. Some times it would, but only after I swiped it slowly and carefully -- something that took much longer than quickly typing in a password. But the thing is that since 2003, fingerprint readers have advanced. Heck, they've advanced since 2011. And the one built into the iPhone 5s is the most advanced consumer fingerprint scanner on the market. So if you have any assumptions that the fingerprint reader on the iPhone 5s is like any fingerprint reader you've used in the past, I urge you to check out this awesome piece by Mary Branscombe at CITEworld where she explains in detail why the iPhone's fingerprint sensor is better than the ones on older laptops. The whole article is worth a read, but here's the central gist of it that everyone needs to understand: With the new sensors you don't have to move your finger, just press it against the reader. And like the sensor in the iPhone 5S, the sensors that will be in laptops and keyboards and other phones can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that's been severed from your body. This will protect you from thieves trying to chop off your finger when they mug you for your phone (assuming they're tech-literate thieves, of course), as well as from people with fake fingers using the fingerprint they lifted from your phone screen. [via Daring Fireball]
Touch ID is huge for businesses and employees, but for different reasons
Apple's newly revealed iPhone 5s sports a number of improvements over its predecessor, but if there's one feature that truly sets the device apart from other iPhones (if not from all previous smartphones), it's Touch ID. The Touch ID sensor built into the home button of the 5s can read your fingerprint as an alternative to swipe-to-unlock or PIN/password entry. You can use this digital wizardry to make iTunes purchases and unlock the phone itself. This futuristic tech might be a fun tool for the average smartphone user, but the feature will truly shine when it enters the corporate scene. A big problem The business world is fighting a two-front war in the name of security: Companies are doing their best to keep information locked down (both to comply with internal policies as well as government-mandated privacy efforts like HIPAA), while at the same time corralling employees that see convenience as the only priority. Businesses large and small have relied on applications like Microsoft's Exchange ActiveSync for years to set up secure mailboxes for employees running a wide array of devices. These days, smartphones are a huge area of concern thanks to the relative ease with which they are lost (compared to a laptop, for example) as well as a user base savvy enough to find ways around the policies in question. Mobile-device management tools (like Mobileiron, AirWatch and Apple's own MDM controls in OS X Server and iOS) are an essential part of the equation as enterprises balance productivity and bring-your-own-device policies with security and corporate priorities. "Hello all," a forum post on AndroidCentral begins. "My work recently implemented a new policy where the phone must be unlocked if using the exchange server email. My issue with it is I now loose [sic] my slide to unlock to the camera or other options based on the roms. Is there any way around it?" This isn't an isolated case of an employee seeking out loopholes to company security efforts -- it's happening every day, and it's not isolated to Android. A cursory search of jailbreak apps for iOS immediately produces options for bypassing company-enforced device locks. Users who seek out these solutions aren't doing so because they want to put sensitive business information -- or their own jobs -- in jeopardy; it's just a pain to type in a four-plus digit code every time they check their email or update their corporate social network. Similarly, the businesses that implement these lockdowns aren't necessarily the ones making the call; legal and regulatory constraints, in certain fields, may take priority. The Health Insurance Portability and Accountability Act (HIPAA), for example, mandates all healthcare employees who may have patient data on their smartphones -- including names, contact info, photographs and medical records -- set up passcodes and screen time-out features to ensure sensitive data isn't leaked. An elegant solution But now, on a mainstream smartphone platform, there will be a flagship device that offers both the convenience of a one-touch unlock and an unrivaled level of security. Touch ID addresses the concerns of businesses while giving users fewer reasons to seek out workarounds, and at the moment there is quite simply nothing to rival it. It's a win / win. Or a win / win / win if you count Apple, which stands to gain a lot of fans in the business security sector. Forward thinking indeed.
