Establishing Digital Trust: Don't Sacrifice Security for Convenience
Less than 48 hours after the iPhone 5S was officially released, members of Germany's Chaos Computer Club (CCC) demonstrated a method of bypassing the new device's TouchID fingerprint security (h/t Gizmodo).
"A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5S secured with TouchID," the hackers said in a statement. "This demonstrates -- again -- that fingerprint biometrics is unsuitable as [an] access control method and should be avoided."
Hacker Starbug, who demonstrated the hack in a YouTube video, said, "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
"We hope that this finally puts to rest the illusions people have about fingerprint biometrics," CCC spokesperson Frank Rieger said in a statement. "It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token."