Well, that didn’t take long. The iPhone 5s was released on Friday with its Touch ID fingerprint-scanning security technology, and it looks as though it may have already been hacked. In fact, it had already been done by Saturday, when the Chaos Computer Club (based in Germany) claimed to have done so, providing a video as evidence.
“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID,” writes Frank from the Chaos Computer Club in a blog post. “This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.”
The blog goes on…
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake”, said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
Here’s Apple explaining how great the feature is:
At least the severed finger approach is apparently bogus.
It will be interesting to see if others go on to duplicate the process the Chaos Computer Club has demonstrated or display other ways of achieving the same goal. Last week, a site called IsTouchIDHackedYet.com was formed for rewards to be given to the first to hack it. Here’s the message that the site says at the moment:
Maybe! The The Chaos Computer Club in Germany may have done it! Awaiting video showing them lifting a print (like from a beer mug) and using it to unlock the phone. If so, they’ll win…
It seems like there’s always something with these major iPhone releases. Remember antennagate? Then last year it was Apple Maps, which Tim Cook actually apologized for in a letter. Granted, that was more software-based, but it came with the iPhone 5 launch.
We’ll have to keep an eye on the TouchID situation, and how big of an issue this turns out to be. Perhaps we’ll be seeing another apology.
Meanwhile, the feature is already drawing scrutiny from lawmakers.
The feature is optional, so if you bought a 5s, you can take comfort in the fact that you don’t have to use it.