A German hacking collective known as the Chaos Computer Club (CCC) has bypassed the biometric fingerprint sensor protection of the new iPhone, known as Touch ID, using “easy everyday means”.
The CCC claimed it had taken a photograph of a fingerprint from a glass surface and then created a “fake finger” to unlock an iPhone 5S. Last week, a crowdfunded bounty was offered to the first successful hack using such methods, which has almost hit $20,000.
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” Starbug said.
“As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere and it is far too easy to make fake fingers out of lifted prints.”
To carry out the hack, the CCC said it took a picture of a fingerprint at 2400dpi resolution, which was then inverted and laser printed at 1200dpi onto a transparent sheet with a thick toner setting.
“Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet,” the CCC said.
“After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.”
Frank Rieger, another member of the CCC, said it was “plain stupid” to use fingerprints for logins, a “technology designed for oppression and control” rather than security.
The CCC now expects to receive the ‘Is Touch ID Hacked Yet?’ funds. A note on the competition’s website, founded by two members of the security community, read: “The Chaos Computer Club in Germany may have done it! Awaiting video showing them lifting a print (like from a beer mug) and using it to unlock the phone. If so, they’ll win.”
Many feared Apple could hand over fingerprint data from Touch ID to the US government, although early indications are that the information remains native on the device and the stored information is cryptographically hashed.
Last week, a bypass of the iPhone’s passcode security was also proven to work.
Were you paying attention to the launch? Try our iPhone 5C and 5S quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…