Apple's Touch ID Bypassed By German Hackers
Posted: September 23, 2013 by Alex Chan
A group of German hackers, aka the Chaos Computer Club, claims to have tricked Apple's Touch ID fingerprint technology by using a modified fingerprint lifting and "fake finger" creation technique. Two days after Apple's new Touch ID biometric security system debuted on iPhone 5s on Friday, the group revealed their "hacking" method in a blog post, all just to prove that fingerprint biometrics is not safe and should be avoided.
In a detailed walkthrough, the group's biometrics hacking team explains that iPhone 5s' Touch ID hardware is only a higher resolution version of the already existing sensors. This means the system can be fooled using common fingerprint lifting techniques.
For the curious, the procedure goes as follows:
"First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market."
While it's not very likely that someone would bother to reproduce the above steps just for the sake of unlocking your phone, CCC's spokesman Frank Rieger says biometric security like Touch ID has more heinous implications. As he says, fingerprint biometrics is a technology created for "oppression and control, not for securing everyday device access."