The boosted Home button

Image from: Wikipedia Commons

Finally the seemingly useless home button got something useful. Last month, apple released the IPhone 5s. One of the several new features is the so called “touch ID”, which is a fingerprint sensor integrated with the home button.

I am far from a fan of apple, but I always admit that it is one of the most brilliant technology companies. The ultimate goal for high-Tech products is to hide the technology. All that matters is to give a natural experience to the user.

The Touch ID, according to Apple, is the combination of “some of the most advanced hardware and software”. It scans your fingerprint while you press the home button and unlocks the phone if the scanned image matches what you have recorded. This is a complicated process involving sensor recognition, hardware encryption and software optimization.

The Touch ID sensor is hidden behind the sapphire home button. The sensor is thinner than a human hair, housing an 88x88 array of capacitors to catch every detail on your finger (a resolution of 500 pixels per inch). Two noticeable aspect of this high-Tech button is the dark areas on the sensor die and the metal ring surrounding the button. Chipworks imaged the die of the sensor and it is unusual to see that the silicon has been partially etched to provide a recessed shelf within the die area for wire bonds at the top and bottom edges. Although the wire bonds is old-fashioned, this trick allows the chip surface to touch directly to the sapphire disc, minimizing the finger-chip distance and thus maximizing the accuracy. At the front side of the button, the metal ring that everyone notices is more than just decoration. It is actually part of the sensor. This ring detects your finger and wake up the sensor chip before the button is touched. This time interval gives the user an illusion that the matching process happens in no time. He may even forget that the phone is securely protected.

Now, your fingerprint is protecting your phone, but who is protecting your fingerprint? For this, Apple implemented the solution developed by ARM, a microprocessor IP provider. ARM developed the so called “Trustzone” technology, which is a portion on the microprocessor that is only accessible by certain hardware but not any software from the OS system. This hardware encryption makes it impossible for any app to steal your fingerprint information.

Actually the fingerprint technology has been existed for long and Apple is not the first smartphone company to implement fingerprint sensors. Samsung, Moto and HTC all have released products using fingerprint to protect the phone, but no one managed to attract enough public attention. Indeed, technology is one thing; how the fingerprint recognition is integrated with the phone-unlocking process is another. The ease to use sometimes determines. In fact, more than half the users leave their smartphone unprotected to avoid the trouble of entering password. Touch ID seems the best fingerprint based solution that embraces both convenience and security, although it is still too early to conclude. Everything happens with only one press on the button.

Yet Touch ID is not unbeatable. Shortly after the release, the Chaos Computer Club successful hacked it with a fake finger and documented the video. They took advantage of the fingerprint image left on the touch screen to replicate a fake one, which for a daily used phone could be harder but still doable. This is the Achilles’ heel for not only Touch ID, but all biometrics solutions that use individual’s biological trait to secure the information. The words from Frank Rieger, who is the spokesperson of the Chaos Computer Club, really worth attention:

“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token. The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”

Our biological information is unique and unchangeable. Plus, most such information is also hard to protect. Take fingerprint for instance, anything you’ve touched will have your fingerprint left on. On the other hand, for something that is not normally accessible, if you are hacked once, you are hacked forever. This makes it extremely essential to protect such information itself. The “Trustzone” technology is good enough to block software attack, but it still needs to demonstrate the protection over forceful read at the hardware itself.

Perhaps, there is no 100 percent security. The implementation of Touch ID may not fully secure your phone, but it definitely makes it harder for someone to break into your phone. Indeed, engineering is the art of trade-offs. If someone has the resources to break into your phone for information, he probably already has many other ways to spy on you. It is also always advised not to store sensitive information in consumer electronics. In this regard, whatever Touch ID provides is sufficient. Most importantly, it is thousand times more convenience than entering password!