A Chinese Company Just Hacked an iPhone Using Play-Doh

If you’re protecting your smartphone with your fingerprint, beware strangers bearing Play-Doh.

A Chinese startup demonstrated at the Mobile World Congress this week how a mold made from the popular children’s toy could be used to unlock an iPhone, CNBC reports.

You can see a truncated version of the purported hack in a video posted to Twitter by tech reporter Arjun Kharpal: Jason Chaikin, president of mobile security firm Vkansee, holds a piece of the molding clay bearing a fingerprint up to Apple’s Touch ID fingerprint sensor and, within a few seconds gains, access to the device.

Vkansee showed how to hack an iPhone fingerprint sensor using Play-Doh #MWC16 pic.twitter.com/FRY7JGMh2M

— Arjun Kharpal (@ArjunKharpal) February 24, 2016

The Play-Doh print in use, it should be noted, came from the cast of a finger made in dental paste, according to other outlets covering the hack. In order words, it could be fairly labor intensive for criminals to replicate in the real world. Still, the demonstration serves as a reminder to keep an eye on your payment or personal information, no matter what security features you are using to protect your accounts or devices.

Apple did not immediately respond to Credit.com’s request for comment on the demonstration. It did point Kharpal to its security policy, which states “every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1-in-50,000 for one enrolled finger. This is much better than the 1-in-10,000 odds of guessing a typical 4-digit passcode.”

Get everything you need to master your credit today.

Get started for free

Protecting Your Personal Information

According to CNBC, Chaikin was demonstrating the hack to illustrate a lack of sophistication in current biometric solutions — which authenticate identities via physical or biological information, like a fingerprint, retinal scan or even heartbeat. His company, incidentally, is marketing its own fingerprint sensor, but this isn’t the first time current biometric authenticators has been called into question. Reports have surfaced of Apple’s Touch ID being hacked before and other popular smartphones have weathered similar allegations.

Regardless of these hacks, biometric authenticators are generally considered more secure than traditional alphanumeric passwords, though, on the flip side, there’s also been some debate around what hackers could do, should they get a hold of such sensitive information. That’s why consumers should, at the very least, read all the terms and conditions associated with the biometrics they use to learn, among other things, what is being scanned, where it is being stored and what security features are in place to lock down the information should your device be stolen or otherwise compromised.

And whether using password or fingerprint protection, you should regularly monitor financial accounts for credit card or debit card fraud and check your credit for signs of deeper identity theft. (You can pull your free annual credit reports at AnnualCreditReport.com and see your credit scores for free each month on Credit.com.) Signs of your identity has been stolen include a sudden drop in credit score, mysterious accounts or high balances you weren’t aware of.