Germany’s Chaos Computer Club claimed that it hacked Apple Inc. (NASDAQ:AAPL)’s new iPhone 5S, just two days after the device went on sale worldwide.
The group described the procedure: its biometric hacking team took a fingerprint of the user, photographed from a glass surface, and then created a “fake fingerprint” which could be put onto a thin film and used with a real finger to unlock the phone. The group demonstrated all of this in a video.
This news will create concerns for businesses whose users intend to use the phone to access corporate accounts. Although the attack requires physical access to the phone and a clean print of the finger that is used to unlock it, it raises the risk of a security breach.
The Chaos Club’s blog post author, “Starbug”, said this proves that fingerprint biometrics is unsuitable as an access control method and should not be used. Security specialist Graham Cluley said that depending on fingerprints to secure a device may be okay for casual security, but it will not work for sensitive data protection.
This is the third security failing discovered since the phone and its iOS 7 software were released last week. First, a hacker can get into iOS 7’s Control Centre feature on the iPhone 4S and 5 to access photos and send emails. Second, the Emergency Call screen can be used to place a call to any number.
Users can enroll up to five fingerprints to unlock the phone. They first have to create a passcode of at least four digits, and then enroll the fingerprints separately. The iPhone 5S uses Touch ID: a scanner in the phone’s home button takes a high-resolution image of the fingerprint from the skin.
Touch ID provides an accurate match and a very high level of security. The company claimed that it rarely happens that two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger.
Craig Federighi, Apple’s head of software, emphasized that the fingerprints would not leave the phone. Apple’s point is that even if somebody took ownership of the whole device and ran whatever code he wanted on the main processor, he could not get that fingerprint out of there. Now this all seems to be wrong.