The unique
fingerprint sensor in the iPhone 5S has been made less unique after the German
Chaos Computer Club (CCC) fooled the iPhone’s Touch ID with a fake fingerprint
of the user.
The Chaos
Computer club revealed on its website how it was able to successfully show that
the mode of security being employed in the new phone is not the best.
“The
biometric team of the Chaos Computer Club (CCC) has successfully bypassed the
biometric security of Apple’s TouchID using easy everyday means. A fingerprint
of the phone user, photographed from a glass surface, was enough to create a
fake finger that could unlock an iPhone 5S secured with TouchID.” the team
revealed.
“In reality,
Apple’s sensor has just a higher resolution compared to the sensors so far. So
we only needed to ramp up the resolution of our fake,” a member of the club,
Starbug said.
“As we have
said now for more than years, fingerprints should not be used to secure
anything. You leave them everywhere, and it is far too easy to make fake
fingers out of lifted prints.” he said.
The breach
was carried out with wood glue, glass, a camera to take a picture of the
fingerprint and a laser printer. Fingerprint found on an object (a glass
bottle) was photographed at a 2400dpi (density per inch) resolution.
The picture
was then printed at 1200dpi (which is considerably higher than TouchID’s
550dpi) onto a transparent sheet. Woodglue or latex was smeared on the print to
create a duplicate and left to dry. The print which was breathed to was then
used to unlock the iPhone 5S.
“We hope that
this finally puts to rest the illusions people have about fingerprint
biometrics. It is plain stupid to use something that you can’t change and that
you leave everywhere every day as a security token.” CCC spokesman Frank Rieger
said.
Posts
iPhone 5S unlocked with a fake finger