Infrasonic wrote: There is a lot of misinformation about how easy it is to hack iPhone fingerprint scanners. In theory, it is relatively easy; in practice, not so easy. After 3 failed attempts, it reverts to requiring the PIN.
Remember when the FBI wanted Apple to provide them with a back door to iPhones and Apple told them to 'go away' and 'we can't do it even if we wanted to because the iPhone is intentionally made that way'?...and then the FBI came back later with 'it's OK we found our own way in, thanks'...
That...
Well, yes; but, as mentioned, if I am being targeted for a hack (as opposed to random / opportunist), then I have more to worry about than my every-day credit card and bank account. I do not factor government intelligence agencies into my personal security arrangements.
We could equate it to home security; virtually no home is burglar-proof, but if I have deadlocks on my doors, locks on my windows, and a burglar alarm, then the opportunist thief is going to rob my neighbour who has a simple barrel lock and leaves her windows open. Someone from a government intelligence agency could probably be in my house with me for a week without me knowing, if they wanted to!
I regularly see friends and colleagues key in their PINs without attempting to obscure the digits, and then later leave their phone unattended. I could pick the phone up and unlock it in an instant. I see people in public, keying in their PINs, and then putting their phone in a bag or coat pocket and, if so inclined, I could take their phone and use it. I can't do that with fingerprint security, even though it may be technically less secure than a PIN.
I don't think any contributor to this thread is expecting to advise, or be advised, how to avoid targeted breaches, especially by government agencies.
The bottom line is, a phone can definitely be breached with a targeted attack but, for most of us, we just need to be cautious and use a bit of common-sense*; obscure PINs, do not keep a phone where someone can easily take it, use strong passwords, different passwords for each account, etc.
*Not keen on the phrase 'common-sense'; I don't think it really exists.