It only took three days to hack the iPhone 5s’ Touch ID authentication system.
Per The Mac Observer, the gChaos Computer Club has claimed to have hacked Apple’s newest security feature. The group started by scanning the fingerprint associated with an iPhone at high resolution, and then printing it out for transfer to another material such as latex. Once the material holding the print, complete with ridges and grooves, has finished setting up, the group placed it over someone else’s finger and used it to successfully unlock the iPhone.
The Chaos Computer Club said, “In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake.”
They added that it’s a simple process to lift fingerprints and then convert those into fakes that can be used to bypass security systems. “You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,” they said.
While the process CCC showed was fairly straight forward, it isn’t exactly a simple process for the average person. It involves successfully collecting a quality fingerprint, scanning it at 2400 DPI or higher, and cleaning up the scanned image and then printing it to an acetate sheet on a laser printer before applying the material that will ultimately hold the fake print.
The group released the following video demonstrating the hack:
Assuming someone steals your iPhone with the intent of hacking around Touch ID it’s actually much easier to simply make you unlock your iPhone instead of duplicating your finger or thumb’s unique patterns. Find My iPhone can also be used to remotely wipe the device and keep anyone from hacking into your personal information.
The bigger problem in this case is that someone else has physical control over your iPhone. When that happens it’s much easier to find ways to hack in — especially since at that point the potential hackers have time on their hands.
Even still, the CCC’s Touch ID demonstration does show that Apple’s Touch ID technology may not be quite as secure as the company implied.
Working around fingerprint security systems is something that people have been doing for years, and Apple doesn’t force iPhone 5s owners to use Touch ID. It’s a convenient alternative to using a four-digit passcode, and is still more difficult to work around.
Stay tuned for additional details as they become available.