We already know Touch ID secures your digital fingerprint by storing it in a secure enclave on the Apple A7, only accessible to the sensor itself. It allows the iPhone 5s to better allow for both convenience and security. But what if that wasn't the only safeguard Apple took in order to protect your prints? We've taken a closer look at Touch ID and, through collaboration with repair company mendmyi, found that Apple has taken extra precautions beyond the secure enclave, on a hardware level that we've never seen implemented before.
Apple has touted Touch ID as a secure hardware path from the beginning. Here's the explanation straight from Apple:
Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and as well as the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it and it can't be used to match against other fingerprint databases.
Apple doesn't make specific mention of any other additional safeguards. However, as we discovered through some research and testing of our own, it seems as though Apple went through the trouble of pairing every individual Touch ID sensor cable to each individual phone as well. That's an incredible feat, and it immediately raises the question - why?
Our investigation into the Touch ID assembly started when mendmyi contacted me about an issue with Touch ID on a customer's phone. It had come in for their Colour Lab service. The video below demonstrates the issue:
In order to try and rectify the problem, many steps were attempted. These included swapping out the Touch ID sensor for one verified to work, replacing the dock connector the Touch ID makes contact with, and even replacing the logic board itself. When each different hardware fix was attempted, a DFU restore was performed as well. Nothing worked. It was baffling.
It was then discovered that the Touch ID sensor currently in the device was not the original one that came in the device. Once the original was returned, Touch ID started working again.
At this point, we knew there had to be some additional, previously undisclosed, hardware lockdown going on. To test this theory, we took two iPhone 5s handsets that had never been opened before, and verified Touch ID was working on both. The front assemblies, which contain the Touch ID assembly itself, were then removed and swapped. After re-assembly, both Touch ID setups failed. When returned to the original device, Touch ID once again operated correctly.
This confirmed for us that the Touch ID component cable assembly itself is tied to each individual A7 chip.
I asked our resident security expert, Nick Arnott, if he had any thoughts on why Apple would find this necessary. While none of this can be confirmed, these are his thoughts on why Apple may have taken the extra precaution:
It's hard to say why Apple might lock the A7 chip to a specific Touch ID sensor. One possibility could be to try and prevent any sort of sniffing or interception taking place between the Touch ID sensor and the secure enclave. Sort of like a hardware equivalent to SSL certificate pinning. By pairing the A7 chip to a specific Touch ID, this could make it more difficult for tinkerers to try and intercept communications to reverse engineer how the components talk to each other. This could also mitigate possible risks of malicious third-party Touch IDs being installed in a user's device without their knowledge which could capture a user's fingerprint for an attacker, while passing it on to the A7 chip to allow a user to continue to use their device as normal, without any indication it has been tampered with. If Apple instead used some sort of shared key that was used by all Touch ID sensors to authenticate with the A7 chip, it would only take one Touch ID's key being hacked to compromise all of them. Being tied to a unique Touch ID sensor on each phone means installing something like a malicious Touch ID sensor would require cracking each device you want to attack individually.
I think all Nick's points are valid and could certainly explain what Apple was getting at in their own description of Touch ID when they say it isn't possible for your fingerprint to be reverse-engineered. One thing is for sure, I'd be very curious to see if these kinds of security precautions are taken in other fingerprint readers such as the one found in the HTC One Max.
Update: Interesting take from natevancouver on Twitter as well:
@noir @reneritchie Sounds like HDMI Protected Media Path. Really good to have if they plan to introduce a touch-based payment system.
So what does all this mean for general consumers, hackers, DIY repairs, and future security standards? For general consumers, this is good news. It means you've got an extra layer of protection that's specifically unique to your device. A universal hack won't work. For hackers, it means they've got their work cut out for them and if they want to attack Touch ID. It looks like it can't be done by modifying the sensor cable itself.
When it comes to DIY repairers, it means your job just got a little more precarious. Since you need to remove the Touch ID cable and transfer it in order to perform to most common repair, including replacing a cracked screen, you'd better make damn sure you don't break it. If you do, you'll lose Touch ID functionality and won't be able to get it back.
I've not yet been able to find a reference to another company locking down specific hardware components the way Apple has with Touch ID. It theoretically means they could lock down any component in an iPhone, iPad, iPod, or Mac if they really wanted to. Will they? Probably not. But the option is there.
It's obvious tremendous safeguards have gone into building Touch ID, likely to make sure everyone feels safe and comfortable using it now and into the future.
