Tag: apple mobile security

New Apple mobile security patent could send fingerprints to the cloud

A new filing has been spotted that could bring the data from Touch ID to other devices via the cloud.

The US Patent and Trademark Office published a patent filing from Apple that could have to do with part of its mobile security feature that collects fingerprints in order to unlock devices and conduct other functions through certain iPhone models.

The filing was called “Finger biometric sensor data synchronization via a cloud computing device and related methods”.

The patent described a method of recording an individual’s fingerprints by way of the Touch ID mobile security sensor from Apple, so this information could then be uploaded to the cloud and synced with other Apple devices. The sensor necessary for Touch ID has been built into Apple technology in its smartphones since the iPhone 5S, and in the iPads that have been released since that time in 2013. The sensor allows a device owner to use his or her fingerprints in order to access the device. However, more recently, it also became an identity verification feature when making purchases through the new mobile wallet system, Apple Pay.

This potential change to the mobile security feature is meant to help to make the system more convenient.

Mobile Security - Cloud TechnologyApple described in the patent filing that enrollment into Touch ID could potentially be “cumbersome for users in some instances, such as when multiple fingerprints, users and/or devices are used.” By synchronizing the process using a cloud based function, it would help to eliminate the need to re-register a device owner’s fingerprints on every device, in addition to the fingerprints of all of the other people who are to be given permission to access the iOS gadget.

At the time of the writing of this article, the Touch ID security page at Apple explained that “iOS and other apps never access your fingerprint data, it’s never stored on Apple servers, and it’s never backed up to iCloud or anywhere else.”

If that mobile security policy is to remain the same, it makes one wonder how this potential cloud synchronization technology could possible work, and how it could be safely applied in order to protect the data from the Touch ID feature.

Mobile security and privacy of Apple iPhone called into question

Researchers have discovered that a great deal of data held by these smartphones can be extracted from them.

According to a recent mobile security acknowledgement from Apple, it is possible for its employees to be able to use previously unpublicized techniques in order to be able to extract data from consumer iPhones, such as contact lists, photos, and other types of personal data such as text messages.

The equivalent techniques could also be applied by law enforcement to work around backup encryption.

This same mobile security sidestepping technique could be applied by others who have “trusted” forms of computers to which the iPhones have been connected. This according to an expert in privacy and security who brought about the admission from the tech giant. Last week, at a presentation that took place in a conference, Jonathan Zdziarski, a researcher, demonstrated how the services were capable of accessing considerable quantities of data by way of diagnostic services that Apple has said are meant for use by engineers.

The researcher said that iPhone users are not told when this mobile security and private data access is occurring.

Apple - Mobile SecurityZdziarski also stated that there is no way for users to disable the services or prevent them from running. This means that there is no way for the user of an iPhone to know which computers have already been labeled as a trusted device by way of the backup process and these users cannot choose to stop future connections. He stated that “There’s no way to `unpair’ except to wipe your phone.” He then went about demonstrating that he was capable of extracting private data from a locked phone through the use of a computer with trusted status.

Although some have stated that they feel that this is evidence that the National Security Agency and Apple are collaborating with each other, Apple has denied all claims that they have constructed any type of “back doors” to their mobile security be used by intelligence agencies. A statement from the company said that “We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues.”