I guess you have seen this in the meantime: the Chaos Computer Club claims to have “cracked” the iPhone 5s fingerprint sensor. It has been all over the press, especially because it happened within a 48-hour window of the launch. I think that there are two things to consider when you look at all the press coverage:
- The bad: This is an attack that follows a known line of attack on fingerprint readers, something that has been out there for ages, and still the iPhone got tricked. This is something I personally cannot understand. Such well-known attacks have to be defended against, in my opinion.
- The good: If you look at risks, I guess the risk of somebody doing shoulder surfing on an airplane or any other way to get access to your PIN is way, way higher than an attacker really going through the hassle of getting a picture of your fingerprint etc. and then stealing your phone and unlocking it. Not to speak of all the people without a PIN at all.
So, if the fingerprint really (I mean really) does not leave your phone, the bar for an attacker has definitely increased. But from a PR perspective, the launch was – let’s say naïve.