TouchID hacking nonsense

So this group called CCC (Chaos Computer Club) described the process to “hack” TouchID as being really easy, one which can be done just by household materials. I didn’t go through the whole procedure (they have a video link). Whatever it is, people linking to this by saying “WHOA! Apple’s TouchID has been hacked!” are missing the whole point. It would have been hacking if CCC got access to the secure enclave where the fingerprints are being stored. What they have actually done is just spoof fingerprints and trick the TouchID sensor to think it is a real finger — something which is possible to do with most fingerprinting sensors.

The point of TouchID is not to make your phone more secure. It is to lure those who don’t have any security at all on their phones to have some sort of basic fingerprinting security. Many users (including me) just don’t have any security (read security pin) setup on their phones because it is a barrier to day to day activities. TouchID is so simple and easy to use that most users will have it setup and ready to use. This means more people will have security enabled for their phones now.

If you are going to have stuff on your phone which is so sensitive then probably you should rethink your strategy to keep those documents on the phone in first place.

As a closing note: