iPhone fingerprint security cracked

Posted on: Mon, 09/23/2013 - 00:39 By: Tom Swiss

Surprising no one with a clue, Apple's much-buzzed-about fingerprint security for the new iPhone has been cracked.

Outside of high-security environments where you can verify that someone is putting their actual finger or eyeball to the scanner rather than a mock-up, biometrics are almost always a bad choice. They actually rely not on "something you are" but on "something you have" -- anything that matches what the scanner is looking for.

Plus, you can't revoke your finger the way you can a keycard; and what happens when your fingerprint changes? (People do suffer injuries.) You need a password or token as a backup anyway.

CCC | Chaos Computer Club breaks Apple TouchID

The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as an access control method and should be avoided.

...

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."