Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple's TouchID Fingerprint Scanner: Still Hackable

Posted by Soulskill on from the upgrade-your-thumb dept.

electronic convict writes: A year ago, security researcher Marc Rogers demonstrated how to spoof the TouchID sensor in the iPhone 5S using some Elmer's glue and glycerol — oh, and a high resolution camera and a laser printer. Has TouchID security improved at all on the iPhone 6? Not really, Rogers reports in his latest post, in which he again hacks the iPhone 6's TouchID sensors using the same method as before. "Fake fingerprints created using my previous technique were able to readily fool both devices [the 6 and the 5S]," he reports. Rogers, however, says there's no reason to panic, as the attack requires substantial skill, patience and a good clear fingerprint. As he writes: "We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats."

4 of 70 comments (clear)

  1. Other hackable things by BasilBrush · · Score: 4, Insightful

    The summary mentions locks and keys as also being hackable. Also combination locks, face recognition, mag stripes, signatures, DRM, many forms of encryption, passwords, captchas, PINs, ATMs Online banking, credit cards. In fact there is precious little security that isn't hackable.

    Of course this isn't going to stop people here ragging on TouchID.

  2. Indeed by Cloud+K · · Score: 4, Insightful

    It should be perfectly fine for the average person protecting their credit card details from thieves and their porn from their partners.
    People who go to these lengths would surely be either:
    Really determined for some reason (in which case they'd probably social engineer it out of you or something)
    People who'd just cut your finger off
    The police (at which point they've already obtained your phone and fingerprint)
    The NSA (who probably already have a backdoor)
    Either way, it's more secure than your typical 4 digit PIN or pattern unlock.

    If you need more than that, you'd probably use some tedious-to-type ultra secure battery horse staple thing anyway.

  3. Law Enforcement by organgtool · · Score: 4, Insightful

    This will likely make life even easier for law enforcement as they can easily get the owner's fingerprints to unlock the device as opposed to a password which requires cooperation from the suspect (or a back door or password cracker).

  4. Sudden outbreak of common sense by sootman · · Score: 4, Insightful

    "We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats."

    Thank you, submitter and Slashdot, for not going for sensationalism and leaving this out of the summary.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.