Not hacked in the normal sense but there have been kids who needed their sleeping parents' phones unlocked, so they just put the phone to their parents' fingers...
Given the amount of media attention there was when the early proof of concept hacks emerged, I'd be amazed if they wouldn't be all over any story that had even the slightest suggestion that someone might have lost data as a result of a stolen phone having been hacked via TouchID.
It's much worse for pictures than fingerprints because most people have tons of pictures of themselves online now, and many are also public. It's probably just a matter of time before malicious hackers start spoofing their identities.
don't forget all the ongoing advances in the "here's a bunch of pictures, come up with a 3d model of the person" problem, making the spoofing even easier
Well we had this idea ten years ago, but the biometric scan was checked for freshness against a database of biometric scans. It was thought for protect the conversation between two leers however and not for blind validation.
The idea to protect against this kind of replay attack was that if the algorithm was unsure of the scan it could request a new one, validate it and present it to the user in case of low confidence biometric match or high confidence forgery: the point being that humans are good at detecting the kind of tampering that could fool an algorithm and vice versa.
This required to send the biometric scan to the peer and to validate it on the other side of the communication channel instead that on the device.
Well, we weren't technically using it as password in the end, I guess I'll have a closer look at what they're doing. And check if that old patent is still good. Eheh not that I have any rights to it left of course.