More

        

          

    HomeNewsApple iPhone 5S TouchID fingerprint sensor hacked by Chaos Computer Club

    Apple iPhone 5S TouchID fingerprint sensor hacked by Chaos Computer Club

    -

    Hackers from the Chaos Computer Club (CCC), the largest association of hackers in Europe, claim to have successfully cracked the new fingerprint sensor in the iPhone 5S using what the group calls “easy every day means”.

    CCC has discovered that if a fingerprint of the phone’s owner is photographed from a glass service, it is enough to create a “fake finger” that can be used to unlock the iPhone 5S (Read: Apple debuts world-first 64-bit handset with iPhone 5S, iPhone 5C).

    In order to do this, the fingerprint of the user is first photographed using 2400 dpi resolution.

    The resulting image is cleaned up, inverted and laser printed with 1200 dpi onto a transparent sheet with a thick toner setting, after which pink latex milk or white wood glue is smeared into the pattern created by the toner onto the transparent sheet.

    Once the latex has dried, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.

    According to CCC, this process has been used successfully on a vast majority of fingerprint sensors on the market.

    “In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake”, said CCC’s hacker “Starbug”, who performed the critical experiments that led to the successful circumvention of the fingerprint locking.

    “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”

    Frank Rieger, spokesperson of the CCC, added: “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token.

    “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”