Show of hands: Who hasn't hacked Apple's Touch ID?

Turns out that fingers (real and fake) are just one way to unlock an iPhone 5s; noses, toes, and other body parts also apply

Page 2 of 2

Body of evidence

But wait there's more. We already know that fake fingers and feline appendages can unlock an iPhone 5s. How about your nose? You bet. Also, your toes.

One intrepid iPhone user in Japan with clearly too much time on his hands even used his nipples to unlock his phone. (Why not? He wasn't using them for anything else.) I hope he warmed up the phone first.

What could possibly be next? Yep, you guessed it. I'm not going there. There are boundaries even I will not cross. But I can already see a market for live iPhone-unlocking Webcam shows.

What conclusions can we draw from this? The first is obvious and well known: By now most of us realize all know no solution is truly "secure" -- at least, not for long. Whatever seems secure today inevitably turns out to more porous down the road, whether because some clever hacker figured out its flaws or because the NSA engineered its own backdoor.

Second conclusion: Touch ID is a gimmick designed to give the iPhone 5s more of a "wow" factor, kind of like Siri was for the iPhone 4S. It's a fun gimmick, but a gimmick just the same.

Odds that your average mugger will steal your iPhone and go to this amount of trouble to get at your personal data are slim. But as Robert Graham, CEO of penetration-testing firm Errata Security and co-sponsor of the Is Touch ID Hacked Yet site, writes:

Many people claim this hack is "too much trouble". This is profoundly wrong. Just because it's too much trouble for you doesn't mean it's too much trouble for a private investigator hired by your former husband. Or the neighbor's kid. Or an FBI agent. As a kid, I attended science fiction conventions in costume, and had latex around the house to get those Vulcan ears to look just right. As a kid, I etched circuit boards. This sort of stuff is easy, easy, easy -- you just need to try.

Graham adds that bad security is better than no security at all, which is true. Also true: An iPhone with a whizzy but ultimately flawed gimmick is better than one without, if only because it's easier to poke fun at.

That still leaves the question: Can Touch ID be hacked by a pair of Spock ears? No doubt somebody somewhere is trying to find out.

Still want to take a chance on Touch ID? Register your vote below or email me:

This article, "Show of hands: Who hasn't hacked Apple's Touch ID?," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

| 1 2 Page 2