iPhone's TouchID fingerprint reader hacked by German group in days
23rd Sep 2013 | 03:03
All it took was just one weekend...
"A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID," the group wrote in a blog post on September 21 at 10pm.
The post then suggests that the hack, discovered by CCC member Starbug, can be done using household materials.
Described in just a paragraph on CCC's blog, the first step is photographing the enrolled users fingerprint in 2,400 dpi resolution.
The image then needs to inverted and laser printed on to a transparent sheet in 1,200 dpi resolution and thick toner setting. This is apparently where the difficult part ends.
Latex milk or white wood-glue can be used to create a mould by spreading it onto the transparent sheet and letting it dry. Then you breathe on the mould for moisture and place it on the sensor to unlock the phone.
Here's a video of the latex in action:
Although you'll still need to have a good quality photo of the fingerprint first to be able to use CCC's method, there are those that argue that while passcodes can be kept secret or changed, fingerprints are public and cannot be changed.
"We hope that this finally puts to rest the illusions people have about fingerprint biometrics," said CCC spokesperson Frank Rieger.
"It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token," he added.
Of course, the counter argument is that passcodes can be hacked as well or someone can simply look over your shoulder, and Apple has spoken about Touch ID security concerns, saying it has everything under control.
- Here's our review of the iPhone 5S, including what we think of the Touch ID.