YAY! iPhones are more secure…. or are they? The new iPhone 5s touts a security feature currently unheard of in the mobile phone space, finger print access or Touch ID. Will this added security feature make the iPhone a leader in mobile security?The Chaos Computer Club – a Germany-based group of computer hackers – claims to have fooled Apple’s Touch ID fingerprint technology, which debuts on the new iPhone 5s. The YouTube video demonstrating the trick is entitled “hacking iphone 5S touchID” (and is being reported by some organizations similarly although not quite “hacking”). Do consumers really have anything to worry about?
In a blog post describing the procedure, Chaos Computer Club says:
A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
The one minute video shows someone using their index finger to register Touch ID on a newly set-up iPhone 5s. Once the setup has been completed, they then apply a tape to their middle finger which, presumably, contains a transfer of the index fingerprint. That unlocks the phone.
The process is tedious and a bit complex for the average person so this isn’t a procedure that someone is likely to casually reproduce just for the sake of unlocking your phone.
Frank Rieger, spokesperson for the CCC explained saying, ‘We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.’
Apple maintains its fingerprint lock technology “provides a very high level of security,” and the iPhone maker’s website says there is a one in 50,000 chance of two fingerprints being alike.
Apple says the fingerprint lock is just for convenience, and that a passcode should be used to provide additional security.
Beyond someone taking your phone long enough to hack it there are additional concerns. Lets start with law enforcement. A suspect’s smart phone is a potential wealth of information, but a suspect cannot be compelled to disclose the passcode. Fingerprints, however, may be taken against a suspect’s will or on file with the police department. How will this access to the ability to unlock the phone be used to bypass regulations on access to passcodes?
Most of us aren’t hiding illegal information on our phones or leaving our phones alone long enough to have our fingerprints copied and our phones unlocked. However, the iPhone has only been out for less than a week… How will this further develop? What additional concerns will be uncovered? Does this make you nervous? Or is this just as secure as the simple easily decipherable 4-digit passcode of iPhones past? Will bad actors be able to hack your phone and access a copy of your fingerprint and use for their purposes?