Apple iPhone 5S TouchID fingerprint security hacked already [video]
Apple was pretty confident that their TouchID security system, one of the main features on their new iPhone 5S, was better than the rest. That may be so, but it has still been bypassed.
Apple stated that the iPhone’s fingerprint sensor is different from other lesser fingerprint sensors as it can’t be fooled because it uses your deep skin fingerprint. That claim was seen as a challenge for the hackers from the Chaos Computer Club in Germany.
The group from CCC claim that, in reality, the sensor is just the same as any other sensor. OK, it runs at a higher resolution, but it can be fooled just the same.
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple’s TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5S secured with TouchID.
The group took the fingerprint from a glass and were able to access a “fingerprint secured” iPhone 5S without any difficulty.
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
So, in short, all this means is that the iPhone 5S fingerprint security can be slipped by using a camera, a laser printer, and some wood glue – the same as almost every other fingerprint sensor in the world.
That doesn’t necessarily render TouchID useless however. How many people out there have anything so important on their phone to warrant such a hack?
Personally I see TouchID as just the next step from entering a PIN code on your phone – it will be enough to put off a nosy housemate, a prankster friend, a suspicious spouse or your parents. If you’ve got something on your phone that someone is really intent on seeing, they’ll get it one way or another.
See the hack in action below.