
The new iPhone 5S has a fingerprint scanner, or as Apple calls it, Touch ID. This additional feature is meant to give a layer of security to iPhone users who currently choose not to set up any PIN at all. As Apple mentioned at its launch event, half of iPhone users don’t even set up a PIN to protect their devices because they feel it’s too much trouble to enter the PIN every time they need to use the phone. So the fingerprint scanner was implemented to simplify the process.

It was never touted as unbreakable, high-grade security. Fingerprint technology has been around for many years, and it’s ALWAYS breakable. The weakness lies in the very nature of the technology itself, at least with today’s technology.

Within a few days, we heard a lot of noise around Touch ID. I’m not going to comment on all of that noise, just the 3 major claims that I think are really ridiculous.

 

1. iPhone 5S will make it easier for NSA
This is pure stupidity. The NSA would ALREADY have everyone’s fingerprints by now, and they don’t need a consumer product to help them gather fingerprints. It’s too much trouble for them, and there are easier ways, as the US government already had all that data long before the very first iPhone.

 

2. The cat-paw can “break” iPhone 5S fingerprint security

In case you missed it, here’s the video:

Video: https://www.youtube.com/watch?v=1OFW6Va1m5k

The video shows that a cat’s paw is capable of opening an iPhone 5S. This simply shows that the fingerprint sensor is good, because a fingerprint sensor (of any brand) is considered “good” if it’s more flexible in detecting various kinds of skin layers. And some animals do have certain parts of their skin that look similar to human fingers. So there’s actually no surprise here.

What surprises me is that some Apple haters jumped on this video and started claiming that iPhone security can be bypassed using a cat. What? How idiotic can they be? The cat’s owner registered the cat’s paw print as a fingerprint in his iPhone. Then he used the same paw print to open it. Same pattern. It matches. Of course it SHOULD work. In their own delusion, these haters probably think that the iPhone was registered with the owner’s (human) fingers, with no cat’s paw there, and yet the cat’s paw print could open the lock. Oh wow, how easy it is to manipulate them. Or maybe they choose to manipulate themselves.

 

3. Latex sheet hack

Video: https://www.youtube.com/watch?v=HM8b8d8kSNQ

This video shows a person with an iPhone 5S registering his finger. Then he grabs a latex sheet that has been PREVIOUSLY PREPARED and uses it to open the iPhone’s lock. They make it look as if the whole thing is very easy to do.

I spent 2 years of my career in biometric security, so I can at least tell you this:
No matter how “easy” these people try to tell us the process is, it is NOT easy.

Latex sheets are the weakness of virtually ANY fingerprint sensor on the market today, so this is not limited to Apple’s sensor. Creating a latex sheet of a fingerprint is never easy because:

(a) A hacker needs to obtain a clear sample of the original fingerprint. In their demonstration, that person uses his OWN fingerprint as the example, so of course he CAN produce a clear example of his own print. Imagine asking someone to willingly give us their fingerprint sample so we can hack into their phone. Not gonna be that easy.

On very special occasions and with highly trained skill, yes, they can lift the print from things we touch. That’s not a task for everyday people. Police crime scene officers need some serious training to do that.

(b) It requires skill. The process of obtaining (and securing) the initial sample is never easy. It also requires a high-resolution scanner, not our everyday scanner or digital camera, which won’t give enough resolution to do the trick. Going through all this trouble just to hack someone’s phone doesn’t seem practical to me, except if the person is a nation’s president or someone with a very important secret (which shouldn’t be stored inside a mobile phone in the first place).

If I were a person with the skill to do this latex sheet hack, I would have better things to do and a good career in security, and I certainly wouldn’t waste time stealing random people’s phones and then making latex sheets to open them. And even if someone can open a stolen phone, he can’t reset it as a new phone, so he can’t use it or sell it, unless he knows the PIN and the Apple ID password. But that’s an entirely different topic to discuss.

Which brings us to the next point:

(c) If someone is going through all the trouble to make a latex sheet of your fingerprint, chances are, you have a much BIGGER issue than your phone.

 

Another video shows a hack using glue:

Video: https://www.youtube.com/watch?v=baio0qUj2Lk

For this one, good luck asking people to let us capture their finger using that glue. Might as well ask them to unlock the phone directly.

Yet a lot of haters jumped on this video and mocked the fingerprint feature with “I can just use glue and a digital camera to hack it”. It seems they even have problems with reading and common sense.

 

 

Again, no security measure is unbreakable. Essentially, no digital data is ever truly secure, or truly private. If you want your data to be secure and private, follow one simple trick from the Russian government: go back to the manual typewriter.

If CCC (the hacker group that published the latex sheet hack) is trying to make people believe that a fingerprint is no more secure than a PIN, remember that Apple’s Touch ID was NOT created as a higher level of security than a PIN. In fact, if the phone hasn’t been used for more than 48 hours, the next use requires entering the PIN. This clearly shows that even Apple considers the PIN to be more secure.

[notice]Touch ID is marketed towards people who previously chose NOT to implement any security (around half of iPhone users choose not to use a PIN). A little security is BETTER than no security. The fingerprint is offered for CONVENIENCE, not for unbreakable security. And yes, using a fingerprint IS more convenient, and better than not using a PIN at all.[/notice]

 

 

It always amazes me that every time Apple releases a new product, we hear more voices from the haters (negative voices, of course). We hear them condemning Apple users as sheep, zombies, etc. If they love their own products so much, why can’t they just shut up and ignore it when another brand releases a new model?

A Tag Heuer watch is $1200++. A Seiko watch is $200-ish. But we don’t see Seiko watch owners condemning Tag Heuer watch owners every time they purchase a new model. People buy Tag Heuer because they can afford it. Even a <$10 non-branded watch can serve the same purpose: telling time. Yet there’s no such hate speech and negativity everywhere.

When Samsung, Sony or HTC launched their new flagship products, I saw only a few Apple users badmouthing them. I myself enthusiastically went to stores to test the demo units. Even though I ended up not buying because they didn’t fit my personal taste, I didn’t go around bashing and ridiculing people who chose to buy them.

People buy Apple products because they can afford them. It’s their own money. They queue using their own time, not anyone else’s money or time. Then why do these haters even bother to judge and ridicule them?
Some haters just want to make themselves feel good about what they have by bashing a brand they can’t afford.

There’s nothing wrong with choosing a cheaper product. There’s nothing wrong with people choosing to buy more expensive ones. There’s nothing wrong with having a personal preference. And there’s nothing wrong with choosing a product that we like, whether from a technology, design or functionality point of view. How about we just buy what suits us best and stop ridiculing others?