Hackers Find Fatal Flaw Of Fingerprint Security in Apple Touch ID Thwarted
Update: check the latest version of Xcitium’s free mobile security app
When Apple announced the Touch ID technology that rolled out with the new iPhone 5, it sounded like science fiction. Your phone can now be secured by your own fingerprint. Can the retinal (eyeball) scanning made famous in films like Mission Impossible be far behind?
Age of Fingerprint Security
The age of biometric security and fingerprint security has begun!
Unfortunately, the technology appears to have a fatal flaw. After only 2 days on sale, a German hacker named Starbug published a video demonstrating how it can be circumvented. What I found most interesting, and to be honest amusing, is that their solution seems simple and rather obvious. The problem with fingerprints for security is that you leave a trail of them everywhere you go.
Chaos Computer Club Fingerprint Security
You leave them on your desk, keyboards and drinking glasses. Working with a group called the Chaos Computer Club, Starbug simply demonstrated that it is easy to copy inadvertently
left prints and use them to unlock the phone once your using fingerprint security.
The hard part is creating a fake print that tricks the sensor into thinking it is from a live finger. When Apple first announced the technology, Apple assured the public that thieves won’t be chopping off fingers to access iPhones. The sensor is able to tell that the print is from a live person.
Chaos demonstrated that with a very high resolution scanner, a little latex and just the right chemical treatment a faux fingerprint security can be pasted on a live persons finger that fool the Touch ID sensor. For their efforts, the group is claiming a reward offered by by Security Researcher Nick DePetrillo. Petrillo has collected at least $14,000 in donations to use as prize money for demonstrations of successful hacks of the Touch ID.
Xcitium Fingerprint Security
It seems that despite all the hoopla, you would be more secure by simply using Xcitium Mobile Security for the Android. Go figure!