A Chinese startup has exposed a dangerous flaw in Apple’s Touch ID biometric security verification system: it can be hacked using children’s modelling material Play-Doh. Jason Chaikin, President of mobile security firm Vkansee, demonstrated that Play-Doh can take a mould of a fingerprint which can then be used to unlock an iPhone via its fingerprint scanner.
The exercise is part of Vkansee’s marketing strategy to promote its new patented under-glass fingerprint scanner, which cannot be compromised in such a manner.
“The demand for under glass scanning that’s resistant to hacking is the number one thing that we hear from the device makers,” Chaikin told CNBC at the Mobile World Congress (MWC) in Barcelona on Wednesday.
Apple refused to comment on the incident, instead directing CNBC to the support page regarding Touch ID on its website.
“Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger,” the Apple website reads. “Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you can’t proceed until doing so.”
Toby Rush, CEO of EyeVerify, believes that multi-modal or multi-factor authentication solutions offer a greater level of security than fingerprint, or any authentication solution, alone. His company’s Eyeprint ID technology uses the front-facing camera on a smartphone to match visible blood vessels and other micro-features in the white of the eye.
“We look at micro features just outside the eye, the strongest being the blood vessels in the eye. They are stable, they work really well,” Rush told CNBC. “I think fingerprints are great and not going anywhere, fingers and eyes will win the day. Anyone in biometrics will agree that multiple options provide the best security in the most robust manner and best user experience.”
Image courtesy of Play-Doh Sets.