People* are really worried about the NSA getting their fingerprints through Apple’s new iPhone 5S.
For those people, John Gruber at Daring Fireball has
a through, clear explanation of how Apple will keep fingerprints secure.
People who are spooked by the NSA will probably say this is nonsense, and that the government is out to get them no matter what. If that’s your attitude, then we don’t what to tell you.
For the rest of you, read this:
Your fingerprint data is not just “not stored in iCloud yet“, it is not stored in iCloud by design, and according to my sources, never will be. iOS, even the system itself, cannot read from or write to the secure storage location where fingerprint data is stored — only the Touch ID hardware sensor itself can. And what is stored in that secure location are not fingerprint images, but cryptographically hashed values, unique both to your finger’s biometric data and the device itself on which you scanned it. Even if someone does figure out how to obtain the fingerprint data from the secure storage on your iPhone, that fingerprint data should prove useless anywhere but on the unique Touch ID sensor on the iPhone itself — which device would have to be in the possession of your attacker/adversary in the first place for them to read the data.
I’d be far more concerned about a nefarious criminal (or, let’s face it, nefarious snooping government agency) decrypting the passwords I’ve saved on my iPhones ever since 2007 than their obtaining the fingerprint data stored by the Touch ID sensor.
*By “people” we mean our commenters.