The deceiving truth about fingerprint biometrics

Your fingerprint is one of the best passwords in the World. It’s always with you and no two are exactly alike.

Dan Riccio, Apple Vice President Hardware Engineering

Unfortunately, as it has been demonstrated, only half of that statement is true.

It never ceases to amaze me how large companies can get themselves caught in their own web of self-deception. The best marketing bull-shit is the one you believe yourself.

I doubt the news of TouchID being circumvented with “everyday” items like transparent sheets and white wood glue will have any hindrance on Apple’s ability to conquer government and enterprise markets. After all, those people are mortals like the rest of us. They want the shiny new phone too.

But the real question is how long will it be until the Secure Enclave in the A7 processor gets compromised? Let it be clear, I know very little about ARM’s TrustZone Ready Program and its level of security but we can assume its inclusion in the iPhone 5S has made it a high-priority target for hackers.

Until then, it will be fun to see the slew of headlines about normal people bypassing TouchID to make unwanted purchases or to spy on their spouses.

I thought I would leave you with this rather interesting quote by Frank Rieger, a member of the Chaos Computer Club who demonstrated how to get around TouchID.

We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token. […] Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access