sciencetech-blog

comments

Apple hasn't had the best track record in terms of security on iCloud recently - and now the tech giant is suggesting storing fingerprints on the online service.

A patent awarded earlier this week reveals plans to let Apple users store their fingerprints in the cloud, which could then be used on other devices with biometric sensors.

As the files revealed, after the prints are stored online, the user could press the TouchID scanner on any Apple device to sign into accounts and make payments.

The patent (pictured) was filed by the Californian tech giant in July 2013 and awarded yesterday. The files detail a system that would let users store their fingerprints on iCloud, which could then be downloaded and used when touching a biometric sensor on another device

The benefit of doing this would mean people wouldn't have to record their fingerprints across multiple devices, which Apple described in the patent as 'cumbersome.'

But, it would mean the fingerprints would be much easier, potentially, to be accessed by hackers.

In theory, hackers would be limited with what they could do with a file of a fingerprint, but last month a team of security researchers was able to recreate a physical print using just a high-resolution photo - highlighting the dangers.

According to the 'Finger biometric sensor data synchronization via a cloud computing device and related methods' patent: 'A common approach to fingerprint identification involves scanning a sample fingerprint or an image, and storing the image.

Once a fingerprint is stored online, each time the user tries to use a TouchID sensor on any Apple device, the prints would be matched. And to allay potential privacy concerns, Apple explained that a user would have to validate their Apple ID account before registering their prints

To verify an account and fingerprint, the user would need to enter a username, password and pass code. The fingerprints would then be encrypted and sent to iCloud. To verify the print on the second device, the user would equally need to be signed into iCloud, and the prints would need to match

'The characteristics of a sample fingerprint may be compared to information for reference or enrolled fingerprints already in a database to determine proper identification of a person, such as for verification purposes.

'Despite the existence of such fingerprint matching techniques, enrollment may become cumbersome for users in some instances, such as when multiple fingerprints, users, and devices are used.'

With this in mind, Apple proposes an electronic system that uses a biometric sensor and a so-called 'first processor'. The processor collects biometric data from a sensor.

The system would then include a cloud computing device that would upload and store the data.

APPLE'S RECENT ICLOUD HACK

Last year, Apple's iCloud fell victim to hackers who stole photos from a number of its celebrity users including Jennifer Lawrence (pictured)

Last year, Apple's iCloud fell victim to hackers who broke into the online service and stole photos from a number of its celebrity users.

These photos, including some that were nude selfies uploaded by celebrities such as Jennifer Lawrence, were then posted online.

Following the news, Apple said it was 'outraged' by the attacks, and said they were the result of 'a very targeted attack on user names, passwords and security questions'.

It advised worried customers to update their accounts with a 'strong' password and enable two-step verification.

The hackers are believed to have used iCloud's password reset function to gain access to accounts.

This allows users to reset their password by entering their username, date of birth and correctly answering two security questions.

Experts said this information should be relatively easy to find for celebrities. 

Last year, Apple's iCloud fell victim to hackers who broke into the online service and stole photos from a number of its celebrity users. These photos, including some that were nude selfies, were then posted online. Following the news, Apple said it was 'outraged' by the attacks, and were the result of 'a very targeted attack'

A second phone, with a second biometric sensor, and a second processor would 'collect to-be matched finger biometric data' from the second device, and download data from the cloud.

The fingerprint data collected by the second sensor would be matched with the encrypted online data, and access would be granted.

Put simply, once a fingerprint is stored online, each time the user tries to use a TouchID sensor on any Apple device, the prints would be compared and matched.

And to allay potential privacy concerns, Apple explained that a user would have to validate their Apple ID account before registering their prints.

This would require the username, password and pass code.

The fingerprints would be encrypted and sent to iCloud.

To verify the print on the second device, the user would equally need to be signed into iCloud, and the prints would need to match.

As well as a phone or tablet, the 'second device' could be fingerprint scanners in shops that work with Apple Pay.