When you are king of the mountain, everyone lines up to take a shot at you, and the iPhone is no exception. In this particular case, security analysts were taking bets on how long it would take for someone to defeat the brand-new iPhone 5s fingerprint scanner. They didn’t have to wait long, as it seems a German hacking group known as the Chaos Computer Club was first to publish a technique they claim will defeat Touch ID’s technology. Though the claim has yet to be independently verified, it has the same trappings as the infamous “gummi bear hack” that poisoned public perception of biometric security measures over a decade ago. In a nutshell, the hack requires a high-resolution scan of the target’s fingerprint, which is then used to create a fake finger from a laser printer and a thin layer of latex.
What this means for you:
According to the Chaos Computer Club, their intent behind publishing the findings was to demonstrate to the public the weakness of fingerprint-based security, pointing out two very obvious weaknesses: (1) we can’t change our fingerprints if they happened to get compromised, and (2) we leave them everywhere we go. Whether or not CCC’s technique proves replicable, it is only a matter of time before other techniques are published, and their points still stand. Multi-factor authentication methods can surmount this particular problem, as can biometric patterns that aren’t so easily replicable (such as your cardiac signature), but the fact remains that the easiest method to gain access to your phone is for someone to gain access to one that isn’t protected at all, either by fingerprint, pin or password. Unless the only thing you use for smartphone for is games, you should always have some form of protection on your phone, and doubly so if you use it to conduct work.