Apple's Touch ID already bypassed with established 'fake finger' technique

Apple iPhone 5sIn a post to its website on Sunday, the Chaos Computer Club claimed to have bypassed the iPhone 5s' Touch ID sensor hardware, just two days after the smartphone was released on Friday.

According to a detailed walkthrough of the bypass provided by the group's biometrics hacking team, the iPhone 5s' Touch ID hardware is, in effect, merely a higher resolution version of existing sensors. This means the system can be defeated using common fingerprint lifting techniques, albeit at a more refined level.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said a CCC hacker nicknamed Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

While the process is somewhat complex, the thinking behind it is straightforward. In this case, a high-resolution 2400 dpi photo of a user's fingerprint was harvested from a glass surface using graphite dust or cyanoacrylate (the main ingredient in Super Glue) and a camera. The resulting image was cleaned up and inverted with photo editing software, then laser printed at 1200 dpi onto a transparent sheet.

To create the fake fingerprint, pink latex milk or white wood glue is laid over the printout and allowed to set. Once cured, the dummy can be peeled off the transparency, breathed on to produce a thin layer of moisture, and applied to a finger. This will grant access to a Touch ID protected device, CCC claims.

A video of the unlocking process was uploaded to YouTube:

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said CCC spokesman Frank Rieger. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

It should be noted that Apple never claimed Touch ID was a new technology, nor did the company say the method was foolproof. As seen above, there are many caveats in the production of a "fake finger," from latent fingerprint quality to digitization and printing. In addition, a would-be thief would need access to the iPhone itself after the fake is produced.

Also not taken into account is Apple's Find My iPhone app, which allows a lost or stolen phone to be wiped remotely. This leaves the window for breaking into the 5s very small, and would likely thwart all but the most dedicated criminals.

Apple's Touch ID is the company's first attempt at including a biometric security method in its consumer products. The technology comes from AuthenTec, a biometrics firm specializing in fingerprint hardware, that Apple purchased in 2012 for $356 million.

The extent to which Apple plans to incorporate biometric technology is unclear, though as it stands, Touch ID is used to unlock the iPhone 5s and make iTunes purchases. Third parties do not have access to the sensor's API, but that may change if the tech becomes a larger part of the iOS ecosystem.

Source: AppleInsider

Tags: Apple, break, hackers, iPhone

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Galaxy Note10 really is built around a 6.7-inch display
 
You may still be able to download your content
 
Facebook, Messenger and Instagram are all going away
 
Minimize apps to a floating, always-on-top bubble
 
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
 
The 2001 operating system has reached its lowest share level
 
The entire TSMC 5nm design infrastructure is available now from TSMC
 
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
      1
2345678
9101112131415
16171819202122
232425262728 




Poll

Do you use microSD card with your phone?
or leave your own version in comments (16)