Reportedly, a few days after the iPhone 5S was launched, its new fingerprint technology has already been hacked.
It was heralded as a major step forward in smartphone security, grabbing the headlines when Apple unveiled its newest iPhone earlier this month. Despite Apple’s claims that the new iPhone with a fingerprint sensor was “much more secure than previous fingerprint technology”, a group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID.
The Berlin-based hackers showed that a photo of the phone user’s fingerprint, taken from the glass surface, was more than enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.
They then scanned it, before laser printing it onto a transparent sheet and covering it in woodglue. Once the glue had dried, they peeled off the print copy, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
Authors Charlie Miller and Dino Dai Zovi, who wrote “The iOS Hacker’s Handbook”, said they believed the claim was legitimate. “The CCC doesn’t fool around or over-hype, especially when they are trying to make a political point,” Dai Zovi told Reuters.
Charlie Miller described the work as “a complete break” of Touch ID security. “It certainly opens up a new possibility for attackers.”
Both Nick DePetrillo and Robert Graham, security experts, launched a contest for the first hackers who “cracked the iPhone,” with $10,000 thrown in from I/O Capital, but all said they need to make their own determination about who won the prize.
CCC, one the world’s largest and most respected hacking groups, posted a video on its website that appeared to show somebody accessing an iPhone 5S with a fabricated print. The site described how members of its biometrics team had cracked the new fingerprint reader, one of the few major high-tech features added to the latest version of the iPhone.
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug.
“As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
Chaos Computer Club first published the steps taken to bypass fingerprint scanners in 2004 and they claim that it uses everyday household items – meaning anyone can do it, says the Daily Mail.
Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It’s always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.
Actually, recently the fingerprint sensor on the iPhone 5s has become the subject of stifled giggles. Throughout the weekend technology bloggers found weird and wonderful ways to use the sensor, like users unlocking the handset with big toes, cats’ paws and even their own nipples.