It only took a day for hackers to successfully crack Apple’s new Touch ID fingerprint security, and those responsible are calling into question the wisdom of relying on biometric security for mobile devices.
a hacker group called the Chaos Computer Club posted its technique in a YouTube video, showing that the Touch ID security mechanism can be bypassed by photographing a fingerprint at high resolution, printing it out and using the results to build a fake finger. “It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token,” a spokesman for the club said. Apple says sales of its 5S devices, which sport the security technology, along with the lower-end 5C devices broke sales records, garnering 9 million in sales over the launch weekend.
Yankee Group Senior VP of Research Wally Swain comments
“I thought that after last year's 'The Dark Knight Rises,' no one would be fooled that fingerprints are a sufficient security technique. Here in Latin America, responsible newscasts widely published an opinion that the finger had to be 'alive' because the device used electrical capacitance of the skin and not just the image of the fingerprint. This was to discourage thieves from cutting off the finger of robbery victims. However, this demonstration seems to belie that opinion unfortunately.
The error is assuming that any biometric technique cannot be bypassed, particularly in a device that costs less than U.S.$1,000. The problem is expectations, not Apple's design.”