Iphone fingerprint hacker on the limits of biometrics for security

Jan "Starbug" Krissler, the Chaos Computer Club researcher who broke the fingerprint reader security on the new Iphone, had given a long interview to Zeit Online explaining his process and his thoughts on biometrics in general. The CCC's Alex Antener was good enough to translate the interview for us; I've included some of the most interesting bits after the jump.

Krissler: There are certain characteristics that are better and characteristics which are less suitable. The better ones include those which you do not leave anywhere, or the ones that cannot be taken off easily and unnoticed. Which means, characteristics that you can actually only be read with an appropriate sensor. The vein pattern is a good example. I had assumed that Apple would apply something of the kind. After all at the launch of the iPhone it was announced that the scanner will have a sub-epidermal finger recognition, i.e. one that not only relies on finger ridges on the surface. Frankly spoken, I was shocked by how easy it was to bypass it.

But also in other processes such as vein patterns it must be clear: if someone gets access to such a characteristic, he will find a way to replicate it and thereafter to overcome the system.

ZEIT ONLINE: So why is biometry presently so highly touted as a security mechanism?

Krissler: As there is a big industry behind it and because biometry also is capable of identifying people.

ZEIT ONLINE: But isn't it that biometry works fine to clearly identify someone, but not as good to have something secured?

Krissler: One can customize systems quite well, as long as they only need to distinguish people from each other. In this case the error rate is quite low. But once you have the whole of humanity, or in this case all iPhone users as a target group, things get quite impossible. Simply because its characteristics vary greatly. Biometry just also has its weaknesses. Unlike passwords that are either right or wrong, there is always a certain probability of match. Therefore the TouchID scanner isn't really a security method, but a comfortable method. Had Apple made the mechanism more secure, too many people would have struggled turning on their iPhone and too many people would have been rejected too often.

Many don't use any passcode on their smartphone at all, whereas using a fingerprint is still better than nothing - as Apple said at the launch. But it's obviously about convenience and ease of use, not about security. Therefore I would not even want to rate TouchID associated with security practices.

(Thanks, Alex!)

Notable Replies

  1. His points about the dangers of making everyone check in with biometrics are quite valid, but at least two points are misleading.

    “The best example for this is Hamburg, where at one school all
    students had to submit their fingerprints to get their lunch.”

    That was an employee's mistake - they made all kids register, even those whose parents didn't opt in. There is and was a secondary method of paying with a key card in place. (Though I disagree withe both systems. Money works fine and frankly, it should be covered with a flat rate anyway.)

    This has already begun with the fingerprints in the German identification card and the passport.

    The fingerprint in the ID card is opt in.

  2. Yeah, that's a valid point. That's why I'd go for a flat rate, with exceptions for poorer families. Anyone can get his lunch, if someone wants to opt out completely, that's doable, too, and I refuse to believe that the richtest countries on Earth get broke when a kid has a third helping.

Continue the discussion bbs.boingboing.net

12 more replies