While the FBI is almost begging Apple to let them have a backdoor access to its iPhone, a Chinese company demonstrated how to hack it with Play Dough
If you are keeping an eye on current affairs you must be aware of the ongoing tug of war between Apple and the FBI on the hacking of iPhone issue but someone hacked iPhone without any backdoor or malware.
A Chinese startup demonstrated how they hacked an iPhone with a popular children’s toy. The toy, Play Dough or Play-Doh, was used to hack an iPhone which was locked to a user’s fingerprint. This demonstrates that, even though one’s device is protected with advanced biometrics, the device is not entirely safe from ill-minded strangers.
— Arjun Kharpal (@ArjunKharpal) February 24, 2016
The fingerprint mold was made from a cast of a finger made from dental paste, which means that criminals would find this method of hacking a phone fairly labor-intensive. It is, however, theoretically possible for someone working in a dental lab to make a cast of a patient’s finger and then use that to make a mold out of Play-Doh, after which that mold can be used to unlock that patient’s iPhone.
Unlikely as that may be, it is still a wise idea to check your accounts regularly for signs of suspicious
activity. These signs include:
sudden drops in your credit score
unusually high balances in your credit accounts
accounts you are not aware of
Apple does point out that the chances of someone duplicating your fingerprint or other biometric signals are approximately 1 in 50,000. This is much lower than the 1 in 10,000 chance of someone guessing your password using alphanumerics but is still much higher than absolutely no chance at all.
This is why people using biometric security devices are advised to at least know what is being monitored, where that information is being stored, what security features are in place to lock down the information and what to do if their device is ever lost or stolen.
One of the problems with passwords and biometric security systems is that many people tend to “set and forget”. This means that once they decide on the type of security they want, they set the security system up and forget to do the follow-up work.
For fingerprint and other biometric IDs, this means checking your credit score on a monthly basis, or at least on a bi-yearly basis in addition to maintaining the security that was set up. For passwords, it means treating your password like a toothbrush—replacing it every 6 months and not sharing it with anyone. Instead, they set up their security system and never touch it again, secure in the knowledge that they have a security system in place and never thinking about what type of security system they have or checking to see if it has been compromised.