Apple has filed a patent for a mechanism through which its customers’ biometric data is synchronized between their assorted Apple devices, via the company’s iCloud storage service.
If the patent is an indication of something Apple is working on — many of the patents filed by technology companies never become real products — it could undermine some of the company’s claims that biometric data will remain as secure as possible.
The iCloud service hasn’t had the best track record over the last few months. First it was revealed that Apple hadn’t used a basic security feature for the service’s website; then the company had to update the service after a hacker showed accounts were still vulnerable.
Fingerprints used to unlock iPhones and iPads or make purchases are currently kept on those devices’ internal storage. Moving that information to iCloud, or at least using the service to transfer the information from one device to another, could be much less secure.
Which isn’t to say that using a fingerprint with Apple’s products is all that secure to begin with. A researcher demonstrated to the Chaos Computer Club in December that he could recreate fingerprints from public images. On top of that, securing a device with a fingerprint instead of a passcode could allow law enforcement officers to access the device without a warrant.
But at least the current system requires hackers and police to have physical access to an iPhone or iPad to compromise the biometric information. Sending all that data off to the cloud — especially when that cloud is as insecure as Apple’s — exacerbates the issue.
[illustration by Brad Jonas]