Apple’s latest security feature isn’t that secure. A cadre of German hackers called the Chaos Computer Club is claiming they were able to outwit the fingerprint security feature on the iPhone 5s less than three days after it went on sale.
The iPhone 5S is supposed to be the most secure smartphone on the market. The phone contains a biometric reader that is able to recognize fingerprints. If the phone user wishes, he or she can program the device so that you can only open it by putting your finger on the reader.
The Chaos Computer Club says its members were able to open an iPhone 4s and overcome Apple’s Touch ID biometric sensor by using a photo of the user’s fingerprint. The Chaos Club is so confident of its hack that it has actually boasted about it at its website and created a YouTube video that can show anybody how to hack the iPhone 5s.
The cracking method shown in the video is actually pretty low tech. The hacker simply tapes a fake fingerprint over the phone screen and turns it on. The fake finger print is made of wood glue smeared on a piece of plastic that contains a copy of the fingerprint.
An Illusion of Security
In its blog post, the Chaos Computer Club blasted fingerprint biometrics as providing an illusion of security. Their words are quite alarming and definitely a wakeup call for those who think fingerprint biometrics can protect us.
“It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token,” Chaos Computer Club computer spokesman Frank Rieger stated. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”
A Chaos blog post said “iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked.” The other reason: A person wanting access to an iPhone 5s with a biometric lock would only have to force the phone’s owner to put his or her finger on the phone.
The club noted that an arresting police officer could easily force a person in custody to do that. To make matters worse, a robber could also force use you to put your finger on your iPhone 5S and unlock so he could use it or have access to your data. A finger from an unconscious person or a dead body supposedly could be placed on the screen to open the device.
The moral of the story: If you want to keep your smartphone or tablet secure, do it the old- fashioned way with a password you change on a regular basis. Apple’s biometrics are simply a marketing gimmick that provides no real security.
Privacy Concerns as Well
If that wasn’t bad enough, some observers think a hacker might able to use the iPhone 5s to steal your fingerprint and impersonate you. Those concerned include Saturday Night Live funnyman turned U.S. Senator Al Franken (D-Minnesota).
“Let me put it this way: if hackers get ahold of your thumbprint, they could use it to identify and impersonate you for the rest of your life,” Franken wrote in a letter to Apple CEO Tim Cook. Al Franken noted that you can change your password any time you want but you cannot not change your fingerprint.
In his letter, Al Franken noted that fingerprint data from an iPhone 5s could be shared with a backup computer. He also noted that Apple could be storing and saving fingerprint information. Franken also pointed out that under U.S. law, the FBI has the power to compel Apple to turn data including fingerprint information, over to it in certain circumstances.
He also noted that the Patriot Act gives the Bureau the power to request certain subscriber information and transactional records from companies using a special warrant called a National Security Letter. Such letters are classified so they cannot be revealed to the public.
It looks like a feature that Apple claims can protect privacy is making its users more vulnerable.