German Hacking Crew Cracks iPhone Touch ID

A German hacking collective known as the Chaos Computer Club (CCC) has bypassed the biometric fingerprint sensor protection of the new iPhone, known as Touch ID, using “easy everyday means”.

The CCC claimed it had taken a photograph of a fingerprint from a glass surface and then created a “fake finger” to unlock an iPhone 5S. Last week, a crowdfunded bounty was offered to the first successful hack using such methods, which has almost hit $20,000.

Touch ID hacked

A hacker named Starbug was credited with the exploit and a short video showing the use of a fake fingerprint has been posted online.

“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” Starbug said.

“As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere and it is far too easy to make fake fingers out of lifted prints.”

To carry out the hack, the CCC said it took a picture of a fingerprint at 2400dpi resolution, which was then inverted and laser printed at 1200dpi onto a transparent sheet with a thick toner setting.

“Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet,” the CCC said.

“After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.”

Frank Rieger, another member of the CCC, said it was “plain stupid” to use fingerprints for logins, a “technology designed for oppression and control” rather than security.

The CCC now expects to receive the ‘Is Touch ID Hacked Yet?’ funds. A note on the competition’s website, founded by two members of the security community, read: “The Chaos Computer Club in Germany may have done it! Awaiting video showing them lifting a print (like from a beer mug) and using it to unlock the phone. If so, they’ll win.”

Many feared Apple could hand over fingerprint data from Touch ID to the US government, although early indications are that the information remains native on the device and the stored information is cryptographically hashed.

Last week, a bypass of the iPhone’s passcode security was also proven to work.

Were you paying attention to the launch? Try our iPhone 5C and 5S quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

12 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

14 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

16 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

16 hours ago