Latest Breaking News

First of all, there's a dedicated "enclave" in the iPhone 5s processor that's used solely for the purpose of storing encrypted data related to Touch ID. Its only connection to the rest of the iPhone's hardware is a function to say, "Touch ID check OK/Fail." The notion that someone could grab this data via a Bluetooth connection is ludicrous Hollywood "hacking" BS.

Second, the iPhone doesn't actually store fingerprint data in the first place. The iPhone 5s maps your fingerprint and converts that into a string of data (a one-way hash), then holds onto that chunk of data. The next time you put your paws on the phone, the same hashing process produces another data chunk; the two chunks -- not the two fingerprint images -- are matched up to allow access. In fact, assuming the hashing process works the same way as it does for existing iPhone passcodes, the fingerprint data is encoded in a way that's specific to that individual phone (salted). Copying it anywhere else would be useless. [Have we been hearing about hacker gangs remotely stealing iPhone passcodes via magical processes to use them elsewhere? No, we have not -- and if we had, it would almost certainly be via social engineering or visual spying as the phone is unlocked, both of which are impossible with Touch ID. –Ed.]

Anyone who somehow managed to access the iPhone's Touch ID circuitry and extract the hashed data would just find a string of alphanumeric gibberish, not a 3D-printable set of whorls and ridges ready to be turned into a latex Mission:Impossible-style fake finger. My TUAW colleague Dr. Richard Gaywood, who knows a thing or two about this stuff, says turning that data back into a readable fingerprint "would be like taking a cake, eating half of it, smashing the rest up with a fork, then giving it to someone and asking them, 'How much did the whole cake weigh, and what message was written on the icing that was on top of it?' "

http://www.tuaw.com/2013/09/22/iphone-5s-fingerprint-sensor-gets-completely-misunderstood/