If you discover a security vulnerability in TouchBridge, please report it responsibly:
- Do NOT open a public issue
- Email: security@touchbridge.dev (or open a private security advisory on GitHub)
- Include: description, reproduction steps, impact assessment
- We will acknowledge within 48 hours and provide a fix timeline
- Remote authentication attacks: Biometric confirmation happens on a physical device you hold
- Replay attacks: 32-byte nonces with 10-second expiry and 60-second seen-nonces window
- Man-in-the-middle: ECDH ephemeral session keys with AES-256-GCM encryption on BLE channel
- Key theft: Private signing key lives inside Secure Enclave — never exported, never leaves the chip
- Physical access to unlocked companion device: If someone has your unlocked iPhone, they can approve auth requests
- Keychain items with kSecAccessControlBiometryCurrentSet: Cryptographically impossible — hardware ACL wall
- Sandboxed third-party apps calling LAContext: Blocked by SIP and sandbox
- Compromised macOS kernel: If the kernel is compromised, no user-space security holds
| Property | Implementation |
|---|---|
| Nonce | 32 bytes from SecRandomCopyBytes |
| Nonce expiry | 10 seconds (hard minimum) |
| Replay protection | Seen-nonces ring buffer, 60-second TTL |
| Signing algorithm | ECDSA P-256 (ecdsaSignatureMessageX962SHA256) |
| Key storage (iOS) | Secure Enclave (kSecAttrTokenIDSecureEnclave) |
| Key storage (Mac) | Keychain (kSecAttrAccessibleWhenUnlockedThisDeviceOnly) |
| Session encryption | AES-256-GCM over ECDH-derived key (HKDF-SHA256) |
| Transport | BLE GATT (encrypted) or local Wi-Fi (Bonjour) |
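
The nonce rows of the table, worked through as an added example (not TouchBridge's own code): a verifier-side freshness check using the 32-byte length, 10-second expiry and 60-second seen-nonces window. The `ReplayGuard` class, its method names and the verdict strings are assumptions made for illustration, and signature verification is left out.

```python
import secrets
from collections import OrderedDict

NONCE_LEN = 32    # bytes, as in the table above
NONCE_TTL = 10.0  # seconds a challenge may be answered
SEEN_TTL = 60.0   # seconds a consumed nonce stays in the seen list


class ReplayGuard:
    """Hypothetical verifier-side nonce tracking (not TouchBridge's code)."""

    def __init__(self):
        self.pending = {}          # nonce -> time issued
        self.seen = OrderedDict()  # nonce -> time consumed, oldest first

    def issue(self, now):
        # Forget challenges nobody answered in time, then mint a fresh one.
        self.pending = {n: t for n, t in self.pending.items()
                        if now - t <= NONCE_TTL}
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[nonce] = now
        return nonce

    def check(self, nonce, now):
        """Return 'ok' or the reason the response is rejected."""
        # Evict seen entries older than SEEN_TTL, oldest first.
        while self.seen and next(iter(self.seen.values())) <= now - SEEN_TTL:
            self.seen.popitem(last=False)
        if len(nonce) != NONCE_LEN:
            return "malformed"
        if nonce in self.seen:
            return "replay"
        issued = self.pending.pop(nonce, None)  # single use, even on failure
        if issued is None:
            return "unknown"
        if now - issued > NONCE_TTL:
            return "expired"
        self.seen[nonce] = now
        return "ok"


if __name__ == "__main__":
    guard = ReplayGuard()
    n = guard.issue(now=0.0)            # constructed timeline, in seconds
    print(guard.check(n, now=4.0))      # first response inside the window
    print(guard.check(n, now=5.0))      # same nonce presented again
    late = guard.issue(now=20.0)
    print(guard.check(late, now=31.0))  # answered after the 10 s expiry
```

Once a consumed nonce ages out of the seen list it is still rejected, as an unknown challenge, because it is no longer pending.
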
Every authentication event is logged to ~/Library/Logs/TouchBridge/ as NDJSON:
- Session ID, result, device, surface, RSSI, latency
- Nonce values are NEVER logged
| Version | Supported |
|---|---|
| 0.1.x | Yes |