Recently Apple added the Touch ID Sensor to the new iPhone device. It is a biometric control that claimed to be pretty secure, after all it’s a biometric control. Biometrics are usually harder to break than other types of mechanisms and they are harder not just because how they are implemented but because of the difficulty in acquiring the required material to spoof it. In a recent post by The Hacher News (http://thehackernews.com/2013/09/finally-iphones-fingerprint-scanner.html) a group of infosec specialist found a way to fool the biometric control giving it a fake fingerprint (watch the video). While this is not actually hacking the system but it’s a way to unlock the device.
I am sure there will be more post and news doing the same thing. Even that’s one of the first things I think when I saw the new feature. There are a lot of ways to fake fingerprints: jelly, glue, stickers and more. I prefer glue it’s the easiest way and if you use a fake fingerprint to bypass a biometric mechanism you are not actually hacking the system. The security of these controls is based, as I previously said, on the difficulty in acquiring the real fingerprint. Sure, you are leaving your fingerprints everywhere in everything you touch but getting a good one that could work can be really hard.
To hack the system you would have to give the system another fingerprint and force the system to authenticate with that fingerprint. Because it is a very difficult process it is usually easier to obtain the victim fingerprint.
Would you trust in the Touch ID security system ?