
Fingerprint gimmick

Zulfikar Abbany, September 23, 2013

Germany's Chaos Computer Club claims it's cracked the biometric security of Apple's TouchID on a new iPhone 5s. But experts have been saying for years the technology's not up to it.


The Chaos Computer Club (CCC) says all it needed was a fingerprint of a phone user, photographed from a glass surface, to create a fake finger that could unlock an iPhone 5s secured with TouchID.

It shows, says the CCC, that fingerprint biometrics is unsuitable as an access control method and that it should be avoided.

And the key to this conclusion is your greasy fingers.

"The moment someone steals your phone, you're providing them with the actual key," the CCC's Dirk Engling told DW, "so this is the modern version of leaving your PIN code on a Post It note on the back of your phone - you're just leaving your fingerprints on the front of the phone on the touch display."

Ten-year-old tech

Not only is the technology weak and insecure - but in the form it's being offered by Apple, Engling says it hasn't advanced in ten years.

"Around ten years ago, [the German] government tried to force an electronic ID card on everyone, containing fingerprints, and we looked into the biometric systems at the time and found several ways to circumvent the security measures implemented by them," says Engling. "And now ten years later, with Apple trying to introduce biometrics for the masses in their new iPhone we thought it a worthy target."

"But we were rather surprised to find it was not such a worthy target at all because the attack from ten years earlier was still working - only the sensor [on the new iPhone] had a little larger resolution, but that was about it."

Apple says your fingerprint will not be stored on its servers. (Image: Getty Images)

Dirk Engling says the fingerprint technology might be a handy measure in some circumstances but that you would be best advised not to use it - unless you understand that you're not really secure.

"Cyberwar" author and academic at Berlin's Freie Universität, Dr Sandro Gaycken, agrees.

"We should have expected that this fingerprint technology is not fool-proof or secure," Gaycken told DW. "It doesn't provide you with a lot of security, it's more like a gadget or a feature on your phone … but you shouldn't expect any real security."

"And that's been out in research for a couple of years, so experts are wondering why companies are still coming up with this as a security feature."

Gaycken says a better security solution would be a retina scanner, "but you can't do that with an iPhone."

Paranoid about nothing?

Touch ID had only just been introduced by Apple for its latest model, letting users unlock their devices or make purchases in iTunes by simply pressing their fingers on the home button.

In an article about the technology, Apple says "your fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike."

But Engling says the fact fingerprints are unique is one of the problems.

The iPhone 5s went on sale on September 20. (Image: Reuters)

"It's not just a drawback of the technology," says the CCC's Dirk Engling, "the problem is that you're using something as a password that you can't change - you're stuck with your fingerprints forever. And the same goes for your retina."

You may also feel less secure if you've used fingerprint technology on your phone when dealing with the authorities. If, for instance, you're forced to leave copies of your fingerprints with passport control in a country that is "not so friendly," Engling says "you're giving away the access codes to your most intimate thoughts."

"The same applies if you're arrested by the police," says Engling. "Normally, they can't force you to assist them in your prosecution, so they can't force you to enter your PIN code on your phone, but if they take your phone and swipe it across your finger if you're handcuffed, there's nothing you can do against it legally."

Apple's media representatives in Germany, PRfection, were yet to respond to our request for a reaction from the notoriously tight-lipped technology firm. The main news on Apple's website on September 23, 2013 - two days after the CCC announced it had bypassed Apple's Touch ID - was that Apple had sold a "record-breaking nine million" iPhone 5s and iPhone 5c models after the first weekend of sales.

Now all we need to know is the number of people who opt to use the new phone's fingerprint sensor.