The iPhone 5s marks the entrance of a prominent manufacturer who is willing to place money on fingerprint scanner technology. As such, Apple has put some big plans into place with regards to upping the security on their flagship devices with TouchID. However, even though the iPhone 5s was only just released to the general public for sale, the Chaos Computer Club has already managed to bypass the biometric security features of the iPhone with a lifted fingerprint.
When it comes down to it, this really shouldn’t come as much of a surprise. The moment TouchID was revealed during the Apple presentation, it was basically creating a giant bull’s eye for computer and hacking clubs to aim at. The method itself is pretty impractical and includes having to either lift a fingerprint or have a high-resolution image (2400 dpi) of the fingerprint. From there, the image is inverted and printed by laser printer on transparency film. The club then uses skin-colored latex milk or white wood glue to create a fingerprint imprint, which, when moistened slightly, can be used to unlock the iPhone. Simple, right? It doesn’t seem like a method that will be used on your stolen iPhone from the common criminal and besides, when your phone is stolen are they more likely to want to try and access your Facebook profile or are they going to want to get rid of it quickly and resell the device?
While this will not be a method to quickly and efficiently unlock a stolen iPhone, it opens up the realm of possibility for it to happen. And if this is a method discovered just a week after the official release of the product, what else is in store for biometric security? Surely other methods to circumvent the biometric scanner will come up in coming weeks and I think that it’s just a matter of time before these start popping up all over the place.
And while some, like myself, might argue that the intention was never for TouchID to be considered an all-inclusive security feature, but rather more of a measure to keep friends and family from accessing your device when you don’t want them to, it brings to light a flaw in terms of biometric security. The technology is not new and has been incorporated in many corporate settings over the past decade, however, even in that setting it has never been considered to be a fool-proof system.
So while TouchID might have been “hacked”, I don’t think it comes as much of a surprise and shouldn’t be considered as a downfall for the security of mobile devices. If we’re moving more towards a security system that incorporates biometrics as one of the “gatekeepers”, just remember, it’s a lot easier to withhold a security code from someone than it is to withhold your fingerprint.
For some more information of some bypasses that are currently present for the iPhone, check out Kris' article here.
Source: Chaos Computing Club