The iPhone 5S fingerprint scanner was hacked in just two days? For those of you who are just hearing the news, there are likely some questions running through your head about Apple and your security. I mean, if this is true, how secure can the new biometric security measure in Apple's latest iPhone really be? The answer: very secure. Should we be worried? Hardly. Let's look at why.
iPhone Fingerprint Scanner Hacked: Should You Be Worried?
Sunday news hit the web that the Chaos Computer Club (CCC), a well-known group of hackers, had managed to crack the security on the iPhone 5S' revolutionary finger print scanner, the Touch ID. In a blog post on the CCC's website Sunday, the hackers wrote:
"The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID".
The post then went on to berate Apple for using a fingerprint scanner on the new iPhone 5S Touch ID as, according to the group, "fingerprint biometrics is unsuitable as access control method and should be avoided".
Though it was certainly inevitable that the Touch ID fingerprint scanner on the iPhone 5S would get hacked, the feat was most certainly expedited by the fact that, earlier in the week, several well-known names in the hacking community began an online contest to hack the iPhone 5S fingerprint scanner. Several threw together a pot, offering a bounty to the first person with proof they had hacked the biometric lock. Setting up the site, istouchidhackedyet.com, @nickdepetrillo got the game going as he tweeted "I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100 ... all I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print."
The game, which began the moment the iPhone 5S could be purchased on Friday September 20, 2013, had only really just gotten started when the Chaos Computer Club came forward with their findings, posting the following video clip to prove the iPhone 5S fingerprint scanner had been hacked.
WATCH: iPhone FingerPrint Scanner Hacked By Chaos Computer Club [VIDEO]
In posting his proof, Starbug, the CCC member who performed the experiments leading to the iPhone fingerprint scanner hack, shared his thoughts about Apple's new biometric technology. According to the hacker, no matter how it's been advertised, the iPhone Touch ID is still not much more secure than other fingerprint scanners of the past which have failed at avoiding circumvention. "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake," Starbug said. "As we have said now for years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
Of course reading this, many who have just gone out and purchased or ordered their shiny new iPhone 5S may be feeling a little apprehensive. I mean, after all, Apple told us this new fingerprint scanner would protect us, right? How was it hacked so quickly and are we just paying for a gimmick? Although, yes, the iPhone fingerprint scanner was hacked somewhat quickly, when it comes to the everyday user, it is still an excellent option and does increase security quite well. Here's why.
Why The iPhone Fingerprint Scanner Being Hacked Shouldn't Worry You
1) Ease of use makes more people more secure: OK, though we can't be sure how many people will admit it, but we'll bet that very few iPhone users actually use the 4-digit pin they are allowed to set on our iPhones. I'm ashamed to say it, but I owned my iPhone 5 for nearly a year before I ever put one on mine. It was only when I heard the statistic that roughly one in three thefts involved an iPhone I finally decided security was more important than quick entry. I can't find any relevant statistics on this, but I would wager to say at least 50 percent of iPhone users do not even secure their devices via pin password, making them incredibly vulnerable. With the fingerprint scanner, however, I could see the percentage of users enabling the passcode being pretty darn near 100%. Plus it's super cool, too, right? So not only is it cool to use the scanner, the average user is already far more secure because IT'S ACTUALLY BEING USED!
2) Hacking the fingerprint scanner a huge headache to accomplish: Okay, so we're here freaking out because a group of HACKERS were able to hack the iPhone fingerprint scanner. But, if you take a look at the method, you'll probably worry less. First, you have to take a high-resolution photograph of a fingerprint. This would mean you need a high-resolution camera, of course. This, in my mind, would immediately eliminate most petty thieves. Second, you've got to scan it. Then you have to laser print it onto a transparent sheet. Then you have to cover it in wood glue. Then peel the print copy off and press it on the scanner. Now, ask yourselves: how many thieves are going to go through all this effort to unlock your phone? Not many. And the ones who would, I guarantee, would have found another way around your security anyway. The point, you should be feeling a lot less worried by now.
3) Thieves still have to bypass iOS 7 Activation Lock security: OK, last but not least, even if a thief gets your iPhone and the fingerprint scanner is hacked, remember: iOS 7 prevents reprogramming without your Apple ID or password. That's right. The device's associated Apple ID and password must be entered before a device can be wiped clean of its memory and be reset. For most thieves this is a biggy, and so, even if they can bust in to you iPhone, they don't have your ID and there is a lot that can't be done — including resetting your device. The security measure in iOS 7 are so good in fact, NYC police are actually advising iPhone owners to update to iOS 7 as soon as possible to lower crime related to iPhone theft.
All in all, despite the fact a groups of hackers were able to crack the iPhone fingerprint scanner, for the everyday joe, this news is something you really shouldn't be too worried about.
TouchID is meant to deter the common thief, and is FAR more secure than 4 digit pin. It's not meant to protect from James Fucking Bond.
— Robert A. Petersen (@Sonikku_a) September 22, 2013
It was never matter of *if* Touch ID could be fooled, but *how*. The how is still outside the grasp of casual criminals. — Nick Arnott (@noir) September 22, 2013
Touch ID isn't 'hacked' until someone can get into your fingerprints from software, breaking out of the Secure Enclave — Steve T-S (@stroughtonsmith) September 22, 2013
Re: this: http://t.co/wWkuvFAMov The relevant question is, is it more secure than a 4-digit password? Answer is still yes.
— John Gruber (@gruber) September 22, 2013
— Robert A. Petersen (@Sonikku_a) September 22, 2013