What does it mean that Touch ID was “hacked”?

So Apple designs a solution to those people, Touch ID. And some Germans guy discovered a decade old technique to fool the sensor. The negative hype on the Web is a bit misguided. Security conscious geeks are not the target audience for TouchID. The people who have no PIN or passcode at all are.

Earlier this year, security software vendor McAfee concluded a survey which indicates that almost a third of smart phone users find passwords and PINs so frustrating or inconvenient that they don't bother setting one. They are opting for no security.

Bruce Schneier offered some perspective in an article he wrote for Wired:

There are two ways an authentication system can fail. It can mistakenly allow an unauthorized person access, or it can mistakenly deny access to an authorized person. In any consumer system, the second failure is far worse than the first. Yes, it can be problematic if an iPhone fingerprint system occasionally allows someone else access to your phone. But it’s much worse if you can’t reliably access your own phone — you’d junk the system after a week.If Apple’s iPhone Has Fingerprint Authentication, Can It Be Hacked?

So Apple designs a solution to those people, Touch ID. And some Germans guy discovered a decade old technique to fool the sensor. The negative hype on the Web is a bit misguided. Security conscious geeks are not the target audience for TouchID. The people who have no PIN or pass code at all are.

The iPhone 5s is the first mobile device to make fingerprint access quick, reliable and simple enough that the masses will use it without hesitation. So much so that there’s really no excuse to not have it enabled on your phone anymore.

...

To be clear, the goal of Touch ID is not to be unhackable. The goal is to get more consumers to move from no security at all to some security.Smashing through the media hype: iPhone 5s fingerprint reader not really “less secure” or “hacked”

I think we will see that in a few years, finger print technology will be ubiquitous on mobile devices. Apple could improve on TouchID in one way though. It would be nice to have the ability to enable Touch ID with a PIN. Maybe it will in a future iOS patch. The user could have three options:

  • Use passcode or PIN
  • Use Touch ID
  • Use Touch ID with a PIN or passcode.

For now if you want to use Touch ID with increased security, register it to use the last two fingers on either hand (pinky and ring finger). Those are the fingers less likely to leave a print.

However, I'm just happy that Touch ID exists for those ignorant (stupid?) enough to not use a PIN or passcode. Let's get those people on board first. Let's be happy for those people. Then ... we can send Apple our geek checklist.

Author: Khürt Williams

A human who works in information security and enjoys photography, Formula 1 and craft ale. #nobridge