Touch ID

• Question: isn’t the fingerprint data just stored on the hardware register and equality checked anyway?
• No, a hashed version is stored. Input is hashed to check it against it.
• In a secure “sandboxed” region called the security enclave
• only part of fingerprint, not whole thing (a sample)
• How do you create a sandbox in hardware?

Resources

• https://securosis.com/blog/investigating-touch-id-and-the-secure-enclave

• https://support.apple.com/en-us/HT204587

• https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web