SALT LAKE CITY — Apple Inc’s newest iPhone launched Friday Sept. 20, selling out almost instantly at most Apple retail stores. Apple touted the release as extraordinary, due largely in part to the addition of a fingerprint scanner that allows users the ability to access information with biometric data.
Three days after the release, however, a German hacking collaborative claimed to have broken the security system behind the finger-scanning technology.
The Chaos Computer Club, one of the oldest and most reputable group of hackers, posted a video on their website of one of the hackers using basic methods to gain unauthorized access to an iPhone with a finger-scanner. The reports of the hack have not been confirmed, but many in the technology community said there is no reason to suspect the CCC has not hacked the scanning system.
Apple relied heavily on the success of biometric security features when it advertised its new phone. The company claimed the software was more reliable than other fingerprinting security because the scanner on the phone was able to go beneath the top layer of the finger’s skin.
On the CCC’s website, a hacker who goes by the name of "Starbug" explained why biometric security can be unreliable.
Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn't depend upon it if you have sensitive data you wish to protect.
"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” Starbug said. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
Technology experts have been critical of biometric security devices, as companies like Apple and others in the industry maintain the validity of such tools. Anti-virus and Internet security expert, Graham Cluley, said in a blog post Tuesday he worries about the security of fingerprint technology.
“Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect,” Cluley said.