New iPhone 5s fingerprint 'hack' no credible security threat

Updated happygeek 2 Tallied Votes 562 Views Share

In my DaniWeb report on the launch of the new iPhone 5s from Apple, I stated that you could "forget the fingerprint scanner built into the new circular home button" but I knew all along that was never going to be the case. In context, I was focusing upon what I think is the most innovative and important feature of the new iPhone; namely the 64bit chip that powers it. Of course the fingerprint scanner is an innovation, in as far as it will now drive other manufacturers to consider implementing biometrics on devices such as smartphones and tablets as a norm rather than an optional exception.

In that same review I also said "even before anyone has tried the Touch ID system the Internet seems to be filling up with people saying it won't work" and implied that the sub-epidermal scanner with a 500 pixel-per-inch resolution was pretty good technology, and along with the locally encrypted fingerprint data (not image) would be a pretty safe additional layer of security for a mobile device such as this. Of course, plenty of people disagree with me and there has been lots of coverage online and in print media regarding cat paw prints unlocking iPhones, toddlers using the finger of a sleeping father and even hacker groups moving into James Bond territory with manufactured fingerprint copies fooling the scanner. Let's dismiss those one by one, starting with the cat: yes it works, if you let your cat register a paw print in the first place. So that's just a bit of diversionary nonsense for the media to pounce upon. Similarly with the sleeping dad thing, a mere diversion and yes, I appreciate that your iPhone could be unlocked in this way just the same as if someone held you at gun point and forced you to scan your finger or, and get this for a revelation, type in your PIN or password. As for the Chaos Club synthetic fingerprint copy technique, again I will not deny it works but I will say that the chances of anyone going to those lengths to get access to MY iPhone is are remote that I am not going to lose any sleep over it.

Which brings me on to the latest shock, horror, the iPhone fingerprint scanner sucks story to hit the headlines. The Hacker news is reporting that an Iranian group has 'defeated' the TouchID biometrics of the iPhone 5s by enabling it to be unlocked by multiple fingerprints. This sounds very serious at first glance, what with the whole 'every fingerprint is different' thing that we all think holds water. Actually, there is plenty of scientific research out there (go Google it) on fingerprint similarity which shows that partial prints can be very similar even if entire ones are not. Indeed, Apple itself says that the chances of TouchID 'misreading' a fingerprint is 1 in 50,000 courtesy of looking at partials from the scanned print rather than exact matches.

So, this new report IS really worrying then? Well, no, not really. The video that accompanies the story shows that the group simply used a bunch of people to setup the TouchID security on the iPhone, each registering their own fingers to produce a 'multiple' print if you will. The rather unsurprising result being that any of them could then unlock the iPhone as it recognised the partial prints of each rather than the complete print that was stored.

Hacker News concludes from this that fingerprints taken by TouchID are not unique to the user. I, on the other hand, conclude that it proves nothing in terms of being a security threat than you shouldn't let your mates register their fingerprints as your fingerprint when setting up your iPhone 5s biometric security layer.

Kelly Burby 44 Posting Pro

i found finger print intresting in iPhone and never ever think that there might be any flaw. But after reading this article, i don't know how to react.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.