Update: check the latest version of Xcitium’s free mobile security app
When Apple announced the Touch ID technology that rolled out with the new iPhone 5, it sounded like science fiction. Your phone can now be secured by your own fingerprint. Can the retinal (eyeball) scanning made famous in films like Mission Impossible be far behind?
The age of biometric security has begun!
Or not!
Unfortunately, the technology appears to have a fatal flaw. After only 2 days on sale, a German hacker named Starbug published a video demonstrating how it can be circumvented. What I found most interesting, and to be honest amusing, is that their solution seems simple and rather obvious. The problem with fingerprints for security is that you leave a trail of them everywhere you go.
You leave them on your desk, keyboards and drinking glasses. Working with a group called the Chaos Computer Club, Starbug simply demonstrated that it is easy to copy inadvertently left prints and use them to unlock the phone.
The hard part is creating a fake print that tricks the sensor into thinking it is from a live finger. When Apple first announced the technology, Apple assured the public that thieves won’t be chopping off fingers to access iPhones. The sensor is able to tell that the print is from a live person.
Chaos demonstrated that with a very high resolution scanner, a little latex and just the right chemical treatment a faux fingerprint can be pasted on a live persons finger that fool the Touch ID sensor. For their efforts, the group is claiming a reward offered by by Security Researcher Nick DePetrillo. Petrillo has collected at least $14,000 in donations to use as prize money for demonstrations of successful hacks of the Touch ID.
It seems that despite all the hoopla, you would be more secure by simply using Xcitium Mobile Security for the Android. Go figure!