They did not hack the TouchID system itself.
There is a difference.
They figured out how to create a copy of the index finger and use it in a way that they could fool the sensor. In a controlled environment.
I'd like to see them get a volunteer to use the phone, register their finger print of choice, and then after 24 hours of use give the phone to the team and see if they can go through that again.
They could easily patch and fix this, and add a second layer of security. Pin + Finger etc.
Not everyone cares about their data as much as some of us. On my personal phone I barely use I'd probably want to use this, however on my work phone I would stick with a password, using all the characters available.
Annoying as hell to enter, but much less guessable.
Techdirt has not posted any stories submitted by Tom B..