Security at Your Fingertips

How does the new iPhone 5S fingerprint security work? Like so:

Fingerprint readers can rely on a variety of different scanning technologies. The two that can be best integrated into a mobile device are an optical reader or a capacitance sensor. Optical readers are conceptually simple, using what is essentially a digital camera to take an image of your finger surface.

Capacitance readers are more complex, instead creating an image of your fingerprint by measuring the differences in capacitance between the ridges and valleys of your fingerprint. They leverage the electrical conductivity of your sub-dermal skin layer, and the electrical insulation of your dermal layer (the one where your fingerprint is). Your fingerprint is effectively a non-conductive layer between two conductive plates, which is the very definition of a capacitor. The fingerprint reader senses the electrical differences caused by the varied thickness of your dermis, and can reconstruct your fingerprint.

The Touch ID sensor in the iPhone 5s is a capacitive reader, embedded in the home button. That was a good choice on Apple’s part, since capacitive scanners are more accurate and less prone to smudgy fingers, and can’t be faked out with a photocopy of a fingerprint.

But there's more good news:

And like the sensor in the iPhone 5S, the sensors that will be in laptops and keyboards and other phones can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that's been severed from your body.

So don't worry about a rash of thieves cutting off people's thumbs to activate stolen iPhones.

Then there's this from the first story:

Although details aren’t yet known, we expect that Apple uses each iPhone’s unique device code as part of the hashing algorithm. Since it’s embedded in the iPhone’s hardware, it’s effectively impossible to attack it off the device with more powerful computers; on-device attacks are much slower and more difficult.

The question remains, however: does the NSA have a back door?