The CCC said in a blog post that although Apple claims its fingerprint sensor is much more secure than previous fingerprint technologies, it simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake.
"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson for the CCC.
"The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."
Commenting on the news, security expert Graham Cluley reiterated the CCC's claims that fingerprints are not secrets, and can easily be picked up and copied by others.
"Relying on your fingerprints to secure a device may be okay for casual security but you shouldn't depend upon it if you have sensitive data you wish to protect," he said.
Apple did not respond to a request for comment on the hack.
This is the third security flaw discovered since the phone and its iOS 7 software were released last week. First, Jose Rodriguez, a 36-year-old soldier living in Spain's Canary Islands, found a security vulnerability in iOS 7 that allows anyone to bypass its lockscreen in seconds to access photos, email, Twitter and more.
Then Karam Daoud, a 27-year-old Palestinian living in the West Bank city of Ramallah, demonstrated that he was able to make a call to any number from a locked iPhone running iOS 7 by exploiting a vulnerability in its emergency calling function. Both vulnerabilities were first reported by Forbes.
Notably, no one has yet managed to extract a fingerprint rendering from the iPhone itself, where Apple says it is held on a secure chip. The CCC's method relies on capturing a high-quality fingerprint elsewhere, and having access to the phone.
Speaking to BusinessWeek just after the iPhone 5S was unveiled, Craig Federighi, Apple's head of software, said that Apple's focus had been on making sure that fingerprints could not be extracted from the phone.
"No matter if you took ownership of the whole device and ran whatever code you wanted on the main processor, [you] could not get that fingerprint out of there. Literally, the physical lines of communication in and out of the chip would not permit that ever to escape," he said.