Apple descrie in detaliu sistemul de securitate din spatele Touch ID

1

  Compania Apple a prezentat Touch ID ca fiind cel mai sigur sistem de scanare a amprentelor implementat vreodata intr-un terminal mobil, iPhone 5S avand un chip enclava in care sunt stocate datele privind amprentele noastre. Intrand si mai mult in detalii, Apple vorbeste despre masurile de protectie din jurul acestui chip encleva, el fiind situat in interiorul chip-ului A7, si imposibil de exploatat, chiar si in cazul in care temrinalele noastre ar fi jailbroken in prealabil.

  Mergand mai departe, compania Apple sustine ca exista sanse de 1 la 50.000 ca o amprenta ca Touch ID sa greseasca citirea amprentei si sa recunoasta amprenta altui utilizator inregistrat, sistemul avand totusi un numar limitat de incercari de citire, impunand apoi utilizarea unui cod de siguranta. Continuand, Apple sustine ca fiecare chip enclava are un numar de identificare unic care se inregistreaza in iOS 7 doar pentru iPhone 5S-ul in care acesta a fost introdus, el neputand fi utilizat cu alt terminal Apple/alt dispozitiv in nicio circumstanta.

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space. Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.

  Pe parcursul intregului document de securitate Apple descrie un mecanism de securitate extrem de complex care cu siguranta va oferi multora idei pentru implementarea unor sisteme asemanatoare in propriile terminale, insa in final va las in compania unei liste care va spune ca sistemul Touch ID poate fi inlocuit cu un cod de siguranta. Touch ID s-a dovedit a fi extrem de sigur pana acum, sistemul putand fi doar pacalit de catre cei care si-au clonat amprentele printr-un proces complex, chip-ul enclava neputand fi exploatat deocamdata.

The passcode can always be used instead of Touch ID, and it’s still required under the following circumstances:

  • iPhone 5s has just been turned on or restarted
  • iPhone 5s has not been unlocked for more than 48 hours
  • After five unsuccessful attempts to match a finger
  • When setting up or enrolling new fingers with Touch ID
  • iPhone 5s has received a remote lock command