Touch ID Hacker Says Fingerprint Biometrics Fundamentally Insecure in Interview

touch id hacked

When Apple introduced the Touch ID with the iPhone 5s, it highlighted the security feature it brings, which started us wondering if and how it can broken. We now know that the Touch ID can be cracked — but not as easily as some of us might have thought, and we have even got an insight into how to break it. But the question of why had remained open until now.

What was the motivation of the Berlin-based Chaos Computer Club to hack Touch ID? Was it the prize? No. The motivation behind cracking Touch ID was to unveil how insecure fingerprint biometrics are and to take the “wow” factor from the false feeling of security, a hacker speaking with Fast Company revealed.

In other words, when Apple says “sub-dermal’ tech, they mean “higher resolution”: biometrics have been flawed ever since they have been around, and the sensor could be circumvented by exactly the same process used to crack other fingerprint sensors.

What raised concern among the hackers of Chaos Computer Club is privacy: from their perspective, using your fingerprint for authentication is unacceptable, because of the same factors Apple says Touch ID is safe. Because it is unique, it is always with you. However, they go beyond that and think about the consequences: every activity done on your iPhone can be connected to your person. And that means anonymity becoming history.

Touch ID is the first instance of ubiquitous biometric identification that may lead to a world where nearly every activity you conduct–-online or offline–-will be tied to your person. Anonymity will be a thing of the past. In order to prevent this from happening, showing that fingerprint biometrics is fundamentally insecure and should be avoided is a useful step. Also, the tech press was going overboard with its security claims, which had no base in reality. So we just had to break it.

These are just a couple of thoughts shared by the hacker. The whole interview is a must-read for both privacy advocates and regular users. To read it, follow this link.