On Monday a court in Los Angeles ordered a woman to put her fingerprint on her iPhone to comply with a search warrant, the first time someone has been forced to do so, according to Mac Rumors.
But had the woman’s fingers been burned by a freak acid accident en route to jail, it looks like it wouldn’t have been that hard to get past the iPhone.
Fingerprint sensors provide another option for digital ingress, one that’s much easier for someone to hack than standard passcodes that temporarily blocked the FBI in the San Bernadino case. In fact, according to the Verge‘s Russell Brandom, your fingerprint is actually your phone’s biggest vulnerability.
The Verge had a security firm come in and after imprinting a staff member’s in dental molding—a simple enough task—they stuck a piece of Play-doh into it, which became the fake finger. When the finger was placed on a Samsung Galaxy sensor for a moment, the phone was unlocked as if his finger had touched it. Pretty scary.
While the DIY method is pretty much impossible without someone’s consent—and it won’t work if you have smooth fingerprints—anyone with a 3D printer and some know-how could clone the print from an image, and if the final fake finger was made with rubber, it could be wearable.
Musing on all of this, Brandom notes that fingerprints could easily become part of leaked data, and our inability to change them like passwords represents a significant security issue.
So what should this mean for you? Well, it’s probably okay to keep it enabled on your phone if it’s convenient for you, but it’d be a good idea to set any sensitive apps (your bank, for example) to require further authorization via passcodes or passwords instead of fingerprints.