News by Andrew Kameka on Monday September 23, 2013.
|Sponsored links, if any, appear in green.|
No, Touch ID is not the super-secure locked down solution that some might have hoped Apple's fingerprint sensor would offer to the iPhone 5. A group of hackers have already managed to bypass the security settings. The Chaos Computer Club has published a report and video claiming that it managed to get around Touch ID using "easy everyday means." Here's how the CCC describes the process:
1. First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution.
2. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting.
3. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet.
4. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
I wouldn't exactly call that the easiest thing to do because the average person isn't going to know how to easily lift prints and reproduce this workaround. Unless someone is the subject of a Bourne-like international conspiracy or under police surveillance, it's unlikely that someone will stalk him or her long enough to obtain an object with a clean print that can be replicated. The more legitimate concern is that someone's rights could be violated while in police custody and have his or her fingerprints used to snoop on a phone. In that case, Touch ID would not be an ideal security measure; the same can be said of Android's Face Lock or any other solution.
Security will always be circumvented one way or another. It's important not to view the iPhone 5S as a perfectly secure device. Touch ID is designed to offer convenience to more quickly unlock a device rather than enter a four-digit PIN. Your phone is not Fort Knox, so users have to weigh the pros of ease and the cons of vulnerability.
Here's a video demonstrating the Touch ID vulnerability.
Chaos Computer Club, via: The Verge
Andrew is MobileBurn.com's managing editor. He is based in Miami, Florida.