Chaos Computer Club breaks Apple TouchID
Unlocking TouchID with fake fingerprint. | YouTube
@timbray Pre-Touch ID, your … | Twitter / gruber
Why I Hacked Apple’s TouchID, And Still Think It Is Awesome. | The Official Lookout Blog
Touch ID is not a “strong” security control. It is a “convenient” security control. Today just over 50 percent of users have a PIN on their smartphones at all, and the number one reason people give for not using the PIN is that it’s inconvenient. TouchID is strong enough to protect users from casual or opportunistic attackers (with one concern I will cover later on) and it is substantially better than nothing.
On the Effective Security of Touch ID | Daring Fireball
Clearly Touch ID is better than no passcode at all — which Apple claims is how the majority of iPhone users (and smartphone owners in general) have their devices configured. Further, I think it’s better than a 4-digit PIN. It seems far easier to me to spy on someone entering their PIN than it would be to capture a high-resolution fingerprint (from their correct finger) and reproduce it in way that works to fool Touch ID.
(The new lock screen PIN entry UI in iOS 7 might even make it easier than before to snoop someone’s PIN.)