When Apple introduced Touch ID on the new iPhone 5s, the company provided some basic information about the kinds of security used to protect users’ fingerprints and data. A new discovery by iMore reveals that Apple has even more security in place than they discussed with the public.
According to iMore, each individual Touch ID sensor is paired with its corresponding A7 processor. To confirm the pairing theory, iMore switched the Touch ID sensors from two brand new iPhones and attempted to setup each device. Each phone failed to recognize the sensors and returned an error until the sensors were swapped back to their original phones.
iMore’s Nick Arnott and Allyson Kazmucha speculate that this is to prevent man-in-the-middle style attacks in which fingerprint data is intercepted between the A7 processor and Touch ID sensor by nefarious third-parties. This explanation makes a lot of sense and seems like a logical security feature for such sensitive data.
You can think of the Touch ID sensor as a key and the A7 processor as a door lock. If every key worked in every lock, it would be easy to simply copy any key and let yourself into someone else’s house. Because each sensor and A7 chip are unique to each other, copying one key (cracking the security on one Touch ID sensor) does not let you into every house on the block. In the event that someone does find a way to intercept fingerprint data on one iPhone 5s, pairing the hardware components helps prevent this hack from working on every other device.
iMore’s entire post is quite interesting and includes a bit more detail about the process of discovering this security mechanism and its potential impact on iPhone security. I recommend giving it a read.