What Does the Touch ID Hack Mean for the Average Consumer?

iphone-5s-touch-ID.jpg

In case you were wondering whether the Touch ID can be hacked: yes, it can be hacked and the guys from the Chaos Computer Club have done it, in just a couple days after the handset was launched. The hack it is legit, it was confirmed by multiple sources, even Marc Rogers. Does this mean the Touch ID is just a marketing fluff? No, it is still an awesome security feature of the iPhone 5s, and Marc Rogers explains why.

Well, thanks to a great incentive coming from IsTouchIDHackedYet.com, the iPhone 5s’ security feature, Touch ID was hacked in just 48 hours after the handset hit the stores. But does this mean it is flawed and should be avoided? The truth is, this isn’t just black and white: the flaw is there, so Touch ID may not fully act as the ultimate security feature, but this isn’t something the average consumer should start worry about, because exploiting the flaw isn’t that simple as you may think.

Rogers points to the list of necessary tools to successfully hack the Touch ID and the bill of materials goes beyond the value of a 64Gb iPhone 5s. But this isn’t all: you need some skills as well.

Here is how Rogers summarizes the current state of Touch ID:

TouchID is not a “strong” security control. It is a “convenient” security control. Today just over 50 percent of users have a PIN on their smartphones at all, and the number one reason people give for not using the PIN is that it’s inconvenient. TouchID is strong enough to protect users from casual or opportunistic attackers (with one concern I will cover later on) and it is substantially better than nothing.

In other words, Touch ID isn’t THE best security feature, but considering that a many iPhone users don’t use a passcode at all to protect the content of their handset — a timely question, as we have more sensitive data on our smartphones than ever before — it is better than having no passcode at all.

And as John Gruber of Daring Fireball notes regarding the passcode: “it seems far easier for me to spy on someone entering their PIN than it would be to capture a high-resolution fingerprint (from their correct finger) and reproduce it in a way that works to fool Touch ID.”

So what do you choose: passcode or Touch ID?

Technology enthusiast, rocker, biker and writer of iPhoneinCanada.ca. Follow me on Twitter or contact me via email: istvan@iphoneincanada.ca

  • Seamus

    I don’t have to worry with my girlfriend/fiancée ever finding out me cheating with this! I can sleep comfortably!

  • Slamingo

    Considering that my 8 year old figured out my passcode by looking over my shoulder, Touch ID it is (and for now, a non-simple passcode)

  • steve81

    She’ll just put your finger on it while you’re sleeping. You’re better off with a second cell phone.

  • J. W.

    I’d say, it’s a nice addition. It takes more effort to crack than than a swiping pattern or 4-digit number.

  • I agree with J.W. Nice addition. Unfortunately it’s not quite the groundbreaking achievement Apple is advertising it to be.

  • ryanrobert

    2nd cell phone is a bad idea. Just ask Walter White.

  • Walter Junior agrees.

  • Jim

    “hacking” his own phone with his own finger print.

  • steve81

    Here’s how it is.

    Touch ID is disabled in the following conditions (user is required to enter his passcode):
    – The device has been rebooted
    – The device hasn’t been unlocked in the last 48 hours
    – There has been 5 failed attempts to use Touch ID

    Apple should add another one to that list : the nano-SIM card has been removed.

    I got Control Center and Siri disabled from the lock screen, making it impossible to turn off Cellular Data without removing the nano-SIM card. I’ve tested this and I’m disappointed to see that TouchID is still working after taking out the nano-SIM.

    If the Touch ID hackers could not remove the nano-SIM, this would give me enough time to remotely wipe the device before they can hack Touch ID.

  • Alan

    i dont understand… im just stomped by your stupidity. hacked?
    what is hacked?

    you would have to:
    1. steal the person’s phone AND
    2. get the fingerprint from that person
    in order for this “hack” to work….

    so how secure is touch ID? VERY…..

    i think you have better chance of hacking the nuclear power facility…

    because you just need a fingerprint from the person working there….

  • WW

    Walter White is a fa***t

  • Anon

    Just wait one day when you fall asleep on your couch.

  • El Cockblock

    Exactly, kids are the most evil little f**kers when they want to get their way with their parents. And wait till he hits puberty…

  • rob0302

    I dont consider someone unlocking the device with a copy of my fingerprint as being “hacked”. How many people have the knowledge and the skill to be able to do this? How many of these people would waste this ability and time to hack MY iphone? Where would someone get a good enough copy of my fingerprint to even create the apparatus to unlock my phone?

  • Fil

    seems like you guys are all missing the point. he scanned a fingerprint from the iphone screen and then reproduced it to unlock the phone.

    http://vimeo.com/75324765

  • its SO easy

    Right off the device itself

  • ThinkAgain

    Criminals don’t hack hardware, they hack people. This feature is a convenience, that’s all. It doesn’t make you smart, it doesn’t stop you from getting phished. The only “hack” I can remember in recent history that did not involve phishing are the guys who put a wireless KVM switch on the bank teller’s computer. Even there, they hacked a person to allow them access to the computer in the first place.