How Touch ID is a security flaw. CC: @Apple

Braxton Huff
3 min read · Aug 15, 2017

I’ve been thinking about this more than usual recently and would like to bring up a potential security flaw from Apple: Touch ID.

Touch ID is brilliant, sure, but have we fully considered its flaws? I don’t think we have. I first started thinking about this when I let my friend put her fingerprint into my phone for Touch ID, which requires someone to know the phone passcode. So what is the main security flaw with Touch ID?

Wallet.

Though a phone passcode may be forgettable, after I allowed her to put her fingerprint into my phone I immediately thought of Wallet. I have credit card, debit card and gift card information stored in Wallet. I also have the ability to make in-app purchases via Wallet.

If I don’t have my phone on me, someone could easily buy an outrageous number of items that I have not approved.

But that is not all.

In-app payment can be an issue, but the most threatening issue that I see is with apps for online banking, private apps and secure apps.

These apps use a passcode and Touch ID if set up. A regular user will most likely set up Touch ID for an app because of the convenience of doing so. It’s a step taken to avoid forgetting a login and to get a quicker sign-in time for everyone.

This easily allows for unauthorized logins, purchases and transactions, as well as moving funds from one bank account to another. The list goes on. However, let’s take a look at an extreme.

The Stolen Phone

Someone steals your phone. It’s not the end of the world though, because you have a six-digit passcode. All of your details and accounts will be safe, not an issue, because they can’t get in. But all it took was a few guesses for the person who stole your phone to get into it, due to the fingerprints on the buttons of the lock screen.

Sure, they may not write it down, but it’s now open. All that’s left is to open Settings > Touch ID & Passcode and add their fingerprint. What’s the point in retyping your passcode over and over again anyway when they can use a fingerprint?

Even worse, they have access to all the apps you have Touch ID enabled on that don’t share the same passcode as your phone. Sure, there could be extra security features from your bank showing you where you’re signed in and having the ability to kick you off, but most apps won’t be the same.
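From the app developer's side, the scenario above (a fingerprint enrolled after the app's Touch ID login was switched on) can be detected. The following is an added example, not code from the original post: the class name `BiometricEnrollmentGuard` and the storage key are hypothetical, and it relies on `LAContext.evaluatedPolicyDomainState`, an opaque value that changes whenever fingers are added or removed.

```swift
import Foundation
import LocalAuthentication

// Hypothetical helper: falls back to password login when the set of
// enrolled fingerprints differs from the one seen at opt-in time.
final class BiometricEnrollmentGuard {
    enum Decision { case allowBiometricLogin, requirePasswordLogin }

    private let defaults: UserDefaults
    private let key = "example.biometricDomainState" // constructed key name

    init(defaults: UserDefaults = .standard) { self.defaults = defaults }

    // Opaque snapshot of the current enrollment, or nil when biometrics
    // are unavailable (not enrolled, locked out, no sensor).
    private func currentDomainState() -> Data? {
        let context = LAContext()
        var error: NSError?
        guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                        error: &error) else { return nil }
        return context.evaluatedPolicyDomainState
    }

    // Call right after a successful password login in which the user
    // opts in to Touch ID for this app.
    func recordEnrollment() {
        if let state = currentDomainState() {
            defaults.set(state, forKey: key)
        } else {
            defaults.removeObject(forKey: key)
        }
    }

    // Call before offering the Touch ID prompt.
    func decide() -> Decision {
        guard let saved = defaults.data(forKey: key),
              let current = currentDomainState(),
              saved == current else {
            // No baseline, biometrics unavailable, or a finger was added
            // or removed since opt-in: require the app password again.
            return .requirePasswordLogin
        }
        return .allowBiometricLogin
    }
}
```

An app that keeps its login secret in the Keychain can get a similar effect by protecting the item with the `.touchIDCurrentSet` (later `.biometryCurrentSet`) access-control flag, which invalidates the item when the enrolled fingerprints change.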

The worst of it all?

Though it’s an uncommon scenario, it’s possible. However, even in a situation like this, we still refer to Touch ID as secure. It all depends on the situation, but it’s always a possibility that this could happen. Is Touch ID a real security flaw or just a small one? I’ll leave that for you to decide.
