Apparently… it’s just as (un)secure as any other fingerprint scanner.
It took less than 48 hours for someone to figure out that Apple’s supposedly super secure fingerprinting method is no more or less secure than any other fingerprinting method and vulnerable to the same hacks. According to various sources like this one Apple’s TouchID is “more” secure than others because it requires a live finger to thwart muggers from chopping off your finger when they take your phone.
From CITEWORLD (emphasis mine):
With the new sensors you don’t have to move your finger, just press it against the reader. And like the sensor in the iPhone 5S, the sensors that will be in laptops and keyboards and other phones can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that’s been severed from your body.
Sounds great right?
Well apparently with just “… a camera, a laser printer, and some wood glue… ” you can make a fake fingerprint and open up someone’s iPhone. Or any other fingerprint reader for that matter.
Here is a link to Gizmodo’s writeup, but you can easily google “iPhone TouchID” right now and get a bajillion hits from many sources all covering this news. In a nutshell, you take a picture of a fingerprint just like the police do at a crime scene (aka put dust on it), print it out, apply wood glue to the print (to get all the peaks n valleys) and now you have a fake fingerprint that will unlock an iPhone. You can get a fingerprint from any surface, but glass works especially great. So getting one from a beer mug or wine glass at a bar would be very easy. There isn’t a need anymore to carry around a machete for lopping fingers off. Just a bag to hold items your target has touched that you want to lift fingerprints off of.
Now this isn’t to say that TouchID isn’t a great tool to have and use. It’s much easier/quicker than typing in your code every time you want to check Twitter. And while it’s not “hard” to bypass TouchID in this manner it is probably further than most common thieves will go to break into your iPhone which means it’s probably just as secure as your pincode (which can be guessed by the finger grease on your screen), but a lot quicker to use. My only gripe is when companies (or people) say or imply that their stuff is more secure than others when it’s really just the same.