22 September 2013Chaos Computer Club:
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple’s TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
Using the same loose definition of hacking, you could say that the door lock was “hacked” when people could clone keys using soft putty.
You could argue what a real hack of Touch ID would be1, but that is beside the point. Touch ID remains relevant as long as it can provide more security than a four digit passcode.
1 I will be impressed when someone can extract the fingerprint hashes from the A7 chip.