On Sunday, just two days after the iPhone 5s shipped, a German hacker group known as the Chaos Computer Club claimed it had managed to fool the new device's fingerprint reader. I can't say I'm surprised.
Years ago, I was involved in a project that reviewed more than 20 biometric fingerprint products. The goal of the project was to determine which fingerprint readers could be fooled and how easily. It was an eye-opening experience, especially in seeing how easily many of the readers could be tricked. With little effort, we were able to bypass all of the readers. With some, we could actually reactivate latent prints by cupping our hands over the scanner glass and blowing warm, moist air over them. Voilà! You were in.
That method, fortunately, can't be used with the reader on the iPhone 5s. Instead of scanning an image of a fingerprint, the reader uses capacitance, the same basic tech employed by touchscreens to track your fingertip. When you register your fingerprint, the ridges and valleys of your print are recorded as high- and low-capacitance areas. To fool the iPhone 5s, a fingerprint image won't work. You need to create a 3D replica of the fingerprint.