A hacker community in Germany claims that they have successfully hacked the fingerprint scanner of the iPhone 5S. If this proves to be true, they may be receiving the crowd-sourced bounty reward that is being offered by a group of hackers and security researchers.
Since Apple officially announced that they were incorporating a biometric scanner into their new iPhone 5S, hackers have been thinking of ways to beat it. It is something that has drawn a number of people to test their skills and claim the rewards for doing so.
Germany’s Chaos Computing Club (CCC), announced today that they were able to bypass the TouchID of the new iPhone 5S. They accomplished this feat, supposedly, by lifting a fingerprint from a glass of water by taking a picture with a 2400dpi resolution camera. They then took this image, inverted it and printed it in a heavy toner version at 1200dpi. Once printed white wood glue or milky pink latex was smeared on the pattern. Once cured, the reproduced print on the latex sheet is separated, made slightly moist with the breath, and placed on the sensor. This unlocked the device.
Here is the video CCC released on YouTube to show that it worked. Granted, you are only seeing the end result, not all the steps leading up to the creation of the fake fingerprint.
If their claim proves to be true, then they stand to claim the few bottles of alcohol, a pornographic book, and the nearly $20,000 that has been raised as the bounty for breaking the TouchID.
Now, let us be honest, the level of security that we employ in our daily lives is more about deterrence than actual security. Also, the level of security we employ in our daily lives is no where near the level of security available to us.
In the mundane world, that means things like dead bolts on doors, single locks on windows, key locks on cars, metal safes with combination locks, and pad-locks or chains for bicycles and the like. The reality is that none of these measures are foolproof. Anyone with the time and tools can successfully by-pass these security measures.
They are, in reality, merely a deterrent from someone trying. Houses still get broken into, dead bolts broken or picked, windows broken or opened, cars unlocked and hot wired, safes broken into or cracked, and bike locks cut; they obviously do not provide unbreakable security. Often you get what you pay for and the better made something is, the longer it takes the-would-be-thief to get through it.
It is much the same for electronic security, whether it comes to phone calls, getting into computers, getting into servers, getting into mobile phones, or any other piece of technology. There are levels of protection that act more as deterrents than fool-proof measures of security. We can make them increasingly complex, increasing the time and likely hood of deterring a would-be-criminal from getting into our device or taking our information. Yet, in our everyday lives we do not employ higher levels of security that might actually protect our data for one simple reason, it is inconvenient. At times the cost can be a deterrent as well, much as it is with physical security, but usually it all comes down to the inconvenience of time.
This is the reason that so many Apple iPhone users have not, or do not, place a four digit passcode on their devices. The time it takes to pull out your phone and input the code is too time consuming for most. Those 15 seconds are precious and, while it is not foolproof, it is a deterrent. On top of that, if someone can’t guess the password in five tries, it gets locked for a duration of time and each wrong input from then on increases the amount of time you must wait to try again; before ultimately getting locked out of the device permanently.
The value of the finger print scanner in the iPhone 5S is not that it is unbeatable security, it is that it is more convenient. Meaning more people will use it, thus increasing the deterrent level of your device and protecting the information on it. As with the passcode, it will not prevent someone from stealing your device, wiping it, and reselling it, however, it will make sure that your personal information is not stolen or misused. This may seem like a small thing, but in our Information Age all information is valuable.
While it may end up being a victory to the hacker community for hacking the scanner on the iPhone 5S, it hardly has larger implications for the consumer of the device. Again, all security is merely a deterrent and if someone is going to go through the lengthy and time consuming process of getting your finger print and making a replica, you probably have larger problems than the average person. What the TouchID really gives consumers is a safe guard for the information they put on their device, not protecting the device itself.
Written by: Iam Bloom