
So, I have a credit card attached to my iTunes account. Say my phone with TouchID gets stolen.

If what is said holds true, the absolute worst-case scenario that could happen is that the thief actually hacks the device and gains access to the storage place of the encrypted hashes that should only be accessible by the sensor itself. He then somehow reverses this hash into a form that the iOS system would expect to come from the sensor. Then, he would be able to forgo the fingerprint sensor and send the spoofed fingerprint signal to the system, making it seem like the owner touched the sensor. And since he now has access to my phone, he can do everything someone can do with an unlocked iPhone plus make purchases with my iTunesID.

This spoofed signal should be useless anywhere else outside the iOS system. I very much doubt that someone could re-factor this hash into an actual image of a fingerprint.

And if I get my phone stolen, TouchID or not, I would of course go and a) remote wipe the device, which I hope includes the deletion of these encrypted fingerprint hashes, and b) maybe cancel the credit card attached to the iTunes account.



