Apple's fingerprint sensor on new iPhones successfully hacked days after going on sale

Germany's Chaos Computer Club warns that Touch ID is not safe, showing in a video how prints lifted from a glass bottle can fool Apple's biometrics

A group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID, the fingerprint sensor used to secure Apple’s new iPhone 5s. The hack was announced just two days after the smartphone went on sale.

In a post on their blog, the Chaos Computer Club provided details (including a video above) of their method. “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”

The news will be worrying to businesses that may have hoped to secure company phones using Apple’s new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID since its introduction.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The technique used by the CCC have been known for years and can fool nearly all fingerprint sensors, but the group did not access the copy of the print stored by the iPhone itself.

Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It's always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.

The method used to crack Touch ID has been detailed by the Chaos Computer Club on their website, with the process beginning by finding a fingerprint left on an object like a glass bottle. The fingerprints are made mostly comprised of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.

Cyanoacrylat (“the main ingredient of superglue”) is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaned up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodglue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.

Frank Rieger, spokesperson of the CCC, said “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token.”

Although the CCC has successfully tricked the Touch ID sensor, their hack did not retrieve

A pair of security experts who set up a competition with a crowdsourced cash reward for the first individuals to hack Touch ID have said they are awaiting further information before confirming the method.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," Nick DePetrillo, a mobile security researcher told Reuters, "When they deliver that video we will review it."

Apple has yet to respond with comment.

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    SThree: Graduate Recruitment Resourcer

    £20000 - £22500 per annum + OTE £30K: SThree: SThree Group have been well esta...

    Recruitment Genius: Web Developer

    £18000 - £20000 per annum: Recruitment Genius: This design and print company a...

    Ashdown Group: Systems Administrator - Hull - £32,000

    £30000 - £32000 per annum + £4200 car allowance: Ashdown Group: 3rd Line Suppo...

    Guru Careers: Purchasing Co-ordinator / Purchasing Administrator

    £20k + Benefits: Guru Careers: A Purchasing Co-ordinator / Administrator is ne...

    Day In a Page

    Not even the 'putrid throat' could stop the Ross Poldark swoon-fest'

    Not even the 'putrid throat' could stop the Ross Poldark swoon-fest'

    How a costume drama became a Sunday night staple
    Miliband promises no stamp duty for first-time buyers as he pushes Tories on housing

    Miliband promises no stamp duty for first-time buyers

    Labour leader pushes Tories on housing
    Aviation history is littered with grand failures - from the the Bristol Brabazon to Concorde - but what went wrong with the SuperJumbo?

    Aviation history is littered with grand failures

    But what went wrong with the SuperJumbo?
    Fear of Putin, Islamists and immigration is giving rise to a new generation of Soviet-style 'iron curtains' right across Europe

    Fortress Europe?

    Fear of Putin, Islamists and immigration is giving rise to a new generation of 'iron curtains'
    Never mind what you're wearing, it's what you're reclining on

    Never mind what you're wearing

    It's what you're reclining on that matters
    General Election 2015: Chuka Umunna on the benefits of immigration, humility – and his leader Ed Miliband

    Chuka Umunna: A virus of racism runs through Ukip

    The shadow business secretary on the benefits of immigration, humility – and his leader Ed Miliband
    Yemen crisis: This exotic war will soon become Europe's problem

    Yemen's exotic war will soon affect Europe

    Terrorism and boatloads of desperate migrants will be the outcome of the Saudi air campaign, says Patrick Cockburn
    Marginal Streets project aims to document voters in the run-up to the General Election

    Marginal Streets project documents voters

    Independent photographers Joseph Fox and Orlando Gili are uploading two portraits of constituents to their website for each day of the campaign
    Game of Thrones: Visit the real-life kingdom of Westeros to see where violent history ends and telly tourism begins

    The real-life kingdom of Westeros

    Is there something a little uncomfortable about Game of Thrones shooting in Northern Ireland?
    How to survive a social-media mauling, by the tough women of Twitter

    How to survive a Twitter mauling

    Mary Beard, Caroline Criado-Perez, Louise Mensch, Bunny La Roche and Courtney Barrasford reveal how to trounce the trolls
    Gallipoli centenary: At dawn, the young remember the young who perished in one of the First World War's bloodiest battles

    At dawn, the young remember the young

    A century ago, soldiers of the Empire – many no more than boys – spilt on to Gallipoli’s beaches. On this 100th Anzac Day, there are personal, poetic tributes to their sacrifice
    Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves

    Follow the money as never before

    Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves, reports Rupert Cornwell
    Samuel West interview: The actor and director on austerity, unionisation, and not mentioning his famous parents

    Samuel West interview

    The actor and director on austerity, unionisation, and not mentioning his famous parents
    General Election 2015: Imagine if the leading political parties were fashion labels

    Imagine if the leading political parties were fashion labels

    Fashion editor, Alexander Fury, on what the leaders' appearances tell us about them
    Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

    Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

    The architect of the HeForShe movement and head of UN Women on the world's failure to combat domestic violence