A Group of german hackers known as the chaos Computer Club (CCC) Have Successfully cracked Touch ID, the fingerprint sensor used to secure Apple's new iPhone 5s. The hack was announced just tow days after the smartphone went to sale.
In a post on their blog,the chaos Computer Club provided details (including a video) of their method. "A fingerprint of the phone user,photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID."
The News will be worrying to businesses that may have hoped to secure company phones using Apple's new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID Since its introduction.
"In reality, Apple's sensor has just a higher resolution compared to the sensor so far.So we only needed to ramp up the resolution of our fake," said a computer club hacker known as Starbug. "As we have said now fo years,fingerprints should not be used to secure anything,You leave them everywhere,and it is far too easy to make fake fingers out of litle prints."
The technique used by the CCC have been known for year and can fool nearly all fingerprint sensors,but the group did not access the copy of the print stored by the iPhone itself.
Apple's own website describes individuals' Fingerprints as "one of the best passcodes in the world.It's always with you and no two are exactly alike", nothing that the Touch ID system can be used to "approve purchases from the ITunes Stor,the App Stor and The IBook Store."
The Method used ti crack Touch ID has been detailed by the chaos Computer Club on their website,with the process beginning by finding a fingerprint left on an object like a glass bottle.The fingerprints are made mostly of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.
Cyanoacylat ("the main ingredient of superglue") is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaner up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodhlue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.
Frank Rieger, spokesperson of the CCC, said "We hope that this finally puts to rest the illusions peope have about fingerprint biometrics. It is plain stupid to use somthing that you can't change and that you leave everywhere every day as a security token."
A pair of security experts who set up a competition with a crowdsourced cash reward for the first indivisuals to hack Touch ID has said they are awaiting Further information before confirming the method. "We are simply awaiting a full video documentation and walk through of the process that they have claimed,"Nick DePetrillo, a mobile security researcher told Reuters., "When they deliver that Video we will review it."
Apple is yet to respond with comment.
In a post on their blog,the chaos Computer Club provided details (including a video) of their method. "A fingerprint of the phone user,photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID."
The News will be worrying to businesses that may have hoped to secure company phones using Apple's new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID Since its introduction.
"In reality, Apple's sensor has just a higher resolution compared to the sensor so far.So we only needed to ramp up the resolution of our fake," said a computer club hacker known as Starbug. "As we have said now fo years,fingerprints should not be used to secure anything,You leave them everywhere,and it is far too easy to make fake fingers out of litle prints."
The technique used by the CCC have been known for year and can fool nearly all fingerprint sensors,but the group did not access the copy of the print stored by the iPhone itself.
Apple's own website describes individuals' Fingerprints as "one of the best passcodes in the world.It's always with you and no two are exactly alike", nothing that the Touch ID system can be used to "approve purchases from the ITunes Stor,the App Stor and The IBook Store."
The Method used ti crack Touch ID has been detailed by the chaos Computer Club on their website,with the process beginning by finding a fingerprint left on an object like a glass bottle.The fingerprints are made mostly of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.
Cyanoacylat ("the main ingredient of superglue") is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaner up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodhlue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.
Frank Rieger, spokesperson of the CCC, said "We hope that this finally puts to rest the illusions peope have about fingerprint biometrics. It is plain stupid to use somthing that you can't change and that you leave everywhere every day as a security token."
A pair of security experts who set up a competition with a crowdsourced cash reward for the first indivisuals to hack Touch ID has said they are awaiting Further information before confirming the method. "We are simply awaiting a full video documentation and walk through of the process that they have claimed,"Nick DePetrillo, a mobile security researcher told Reuters., "When they deliver that Video we will review it."
Apple is yet to respond with comment.
share