The passcode can’t die yet. The iPhone 5s’s Touch ID fingerprint security system can be unlocked with your finger even if you’re asleep. That means a jealous lover could hold your phone to your thumb while you slumber and read all your texts, call logs, emails, and more.
Apple confirms that a dead thumb won’t work. Chloroforming the victim might, but international spies will have no luck cutting off a Prime Minister’s thumb to access their secure files / selfies. Apple also doesn’t send a copy of fingerprints back to its servers, and instead stores them in a “secure enclave” in its A7 processor designed to be inaccessible by hackers or other apps.
Apple worked hard to make the the Touch ID security system easy to use. So easy a 5s can be unlocked by a cat, your toe, or even your…member, if it’s registered with your phone. The real issue, though, is that Touch ID has no way of telling if someone is passed out.
Frat dudes, heads up. You could wake up from a night of drinking to find your bros messaged all your exes and creatively re-wrote your Facebook profile. Yet the biggest threat is likely that of misuse by significant others.
It’s common to hear the story of a suspicious girlfriend or boyfriend who went through their guy/girl’s unlocked phone while he was asleep, found them flirting with someone else, and dumped them. Numeric passcodes would prevent this.
But Touch ID is vulnerable to “sleephacking”.
As long as someone knows what finger[s] you’ve registered with Touch ID, they can pick your phone up off the nightstand, press it against your sleeping finger, and voilà, the phone unlocks.
If you have shady personal stuff in you phone, you should…not have shady personal stuff in your phone. And if you’re significant other will rifle through your phone while you sleep, you’ve got bigger problems. But if you’re stuck sleeping by someone unscrupulous, you might want to go into your settings, enable passcode lock, and delete the fingerprints you have on file.
Really this all boils down to the idea that no password that humans have developed yet is both convenient and 100% secure. Not long strings of characters, not facial recognition, and not fingerprints. The lack of perfect digital security has become part of our culture — a risk and inconvenience no one is above, for now. On that note, I’ll leave you with this touching painting/poem by graffiti artist Banksy: