It’s official: CNET reports that a white-hat hacker group based in Germany has successfully hacked the iOS 7 Touch ID fingerprint authentication feature. The bad news for Apple is that the mobile security revolution touted for iOS 7 didn’t even last two days.
The good news for Apple? The hack is not easy or convenient, and it requires access to the user’s fingerprint. Which means that the authentication feature will still offer pretty good security protection for iPhone 5s users.
The even better news for Apple? The fingerprinting feature made a splash, but was never a key selling point for the consumer marketplace. It would not take you very long to fingerprint the number of people who will take a pass on the iPhone 5s just because Touch ID got hacked.
Your Fingerprints, Please
According to Seth Rosenblatt, reporting at CNET, independent security experts have confirmed the successful hack of the Touch ID fingerprint authentication feature provided by iOS 7 and supported by the new iPhone 5s.
The hack was originally announced by a member of Germany’s Chaos Computer Club. The researcher, called Starbug, put up a video demonstrating his technique, which seems to involve duplicating a fingerprint onto a thin strip of latex, then using the copy to unlock the phone.
Full details of the process have not been released, but Starbug’s video showed the iPhone 5s being unlocked by a person other than its owner. Other researchers have confirmed the technique.
As Rosenblatt says, “that didn’t take long.” It can’t make Apple very happy that the iPhone 5s with Touch ID barely made it out of the stores before the fingerprint authentication got hacked.
Good Security Makes Hacks Difficult
On the other hand, the hack is not really going to warm the hearts of cyber-thieves. To use it, they need the user’s fingerprints — and smudges on the touchscreen probably won’t be good enough. It also involves the sophisticated exercise of copying the fingerprint onto a piece of latex.
In other words, as compared to such popular passwords as “Password,” “12345,” and “Princess,” the fingerprint authentication feature actually offers pretty decent protection to the user.
And when it comes to selling the iPhone 5s, or future iOS 7 devices, Touch ID probably won’t matter very much anyway. Most consumers routinely ignore or misuse standard security precaution, as those popular made-for-cracking passwords show. Businesses are (sometimes) more serious about security, but Apple is not really targeting the enterprise market anyway.
In short, while the swift hacking of Touch ID is a minor embarrassment for Apple, it is unlikely to impact the future of iOS 7.
Image courtesy of Flickr
[cf]skyword_tracking_tag[/cf]