A 6-year-old girl from Arkansas may have just shown how vulnerable the supposedly secure Touch ID system really is after she was able to use her unwitting mother's smartphone to make several purchases online.
Ashlynd Howell from Little Rock surprised her parents when she was able to place $250 worth of purchases on Amazon earlier this month without their knowledge. The shopping spree was only discovered after the Howells received 13 order confirmations for Pokémon items.
At first, Ashlynd's mother Bethany thought her Amazon account had been hacked, leading to the illegal purchases. However, the mother soon found out that her daughter had scanned her fingerprint while the mother was taking a nap to bypass the Touch ID system on her phone.
When the Howells tried to have all the Pokémon gear returned to Amazon, they were told that the store would only accept four of the 13 items that Ashlynd bought. They just decided to use the items as Christmas gifts and told their daughter that they were from Santa Claus.
Touch ID Security Failure?
Ashlynd's story reveals serious security concerns regarding the Touch ID system. If a 6-year-old could easily bypass its security features, there's no telling what a grownup hacker could do with it.
According to Apple, the Touch ID system was developed as an alternative to passcodes to secure mobile devices. It makes use of the uniqueness of every person's fingerprint to offer another level of protection.
A user simply has to have his or her fingerprint scanned using sensors on an iPhone's Home button to keep the device secure. Since no two people have the exact same fingerprint patterns, the system makes sure that nobody else can access the smartphone except for the owner.
The Touch ID security feature doesn't store images but rather it uses mathematical representations of owners' fingerprints. These prints, along with the passcode needed when users set up their Touch ID system, are then encrypted and protected through Apple's Secure Enclave.
Smartphone Owners Need To Be Vigilant
However, as seen in the Howells' story, the security of mobile devices and the valuable information stored within them also require the vigilance of their owners to be protected.
While Bethany Howell's smartphone may not have been hacked by strangers, it was still accessed without permission by her own daughter, who took the opportunity to open her phone while she was asleep.
It's always good to have a reliable security system for your smartphone, but it wouldn't hurt if you still take a few more precautionary measures such as keeping your mobile device out of your children's reach.
It also helps to explain to your kids about the value of respecting each other's property to avoid a similar scenario as that of the Howells.