As smartphones today become more and more complicated, their level of security also becomes an important aspect. Passwords have started to become obsolete, with other methods being implemented to offer better security to devices. One example would be fingerprint scanning, wherein a phone detects a user's biometrics in order to unlock it. This provides an extra layer of security, ensuring no one else but the user gets to access the handset.
However, a loophole around this security feature has recently been discovered. Chinese startup Vkansee recently demonstrated how a third-party can easily override this feature on an iPhone with only the use of Play-Doh, a clay-like substance toy for children.
Demonstrated during the 2016 Mobile World Congress, Vkansee CEO Jason Chaikin molded a copy of his fingerprint using a small ball of the Play-Doh by pressing his finger on it. After this, he placed the ball with his fingerprint on the iPhone. Lo and behold, after a few attempts, the device accepted the "fingerprint" it sensed, granting the user full access to the phone.
Chaikin exhibited this instance to show the lack of sophistication when it comes to security solutions not only for the iPhone, but for other devices as well, that sport the feature.
Apple did not publicly comment on the possible loophole, but instead pointed to a security page on its website. It states:
Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger.
Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you can't proceed until doing so.
This issue has long been a problem when it comes to enforcing security measures in today's technology. Back in 2013, a hacker group claimed that it used a fake fingerprint to override the Touch ID feature of the iPhone.
Also, facial recognition seems to be another victim. Back in 2011, it was discovered that Android 4.0 Ice Cream Sandwich's facial recognition feature can easily be duped into letting a person in to the device by simply flashing a photo of the device's owner.