Apple's fingerprint sensor on new iPhones successfully hacked days after going on sale

Germany's Chaos Computer Club warns that Touch ID is not safe, showing in a video how prints lifted from a glass bottle can fool Apple's biometrics

A group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID, the fingerprint sensor used to secure Apple’s new iPhone 5s. The hack was announced just two days after the smartphone went on sale.

In a post on their blog, the Chaos Computer Club provided details (including a video above) of their method. “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”

The news will be worrying to businesses that may have hoped to secure company phones using Apple’s new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID since its introduction.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The technique used by the CCC have been known for years and can fool nearly all fingerprint sensors, but the group did not access the copy of the print stored by the iPhone itself.

Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It's always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.

The method used to crack Touch ID has been detailed by the Chaos Computer Club on their website, with the process beginning by finding a fingerprint left on an object like a glass bottle. The fingerprints are made mostly comprised of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.

Cyanoacrylat (“the main ingredient of superglue”) is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaned up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodglue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.

Frank Rieger, spokesperson of the CCC, said “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token.”

Although the CCC has successfully tricked the Touch ID sensor, their hack did not retrieve

A pair of security experts who set up a competition with a crowdsourced cash reward for the first individuals to hack Touch ID have said they are awaiting further information before confirming the method.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," Nick DePetrillo, a mobile security researcher told Reuters, "When they deliver that video we will review it."

Apple has yet to respond with comment.

Life and Style
ebookNow available in paperback
ebooks
ebookA delicious collection of 50 meaty main courses
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: IT Project Coordinator / Manager

    £25000 - £40000 per annum: Recruitment Genius: A Project Coordinator is requir...

    Metail Ltd: Business Development Manager for Asia Pacific

    £35,000 - £40,000 based on experience : Metail Ltd: As a Business Development ...

    Recruitment Genius: Customer Service Supervisor

    £15000 - £20000 per annum: Recruitment Genius: This company is a well establis...

    Guru Careers: Product Manager / Product Owner

    £30 - 40k (DOE) + Bonus & Benefits: Guru Careers: A Product Manager / Product ...

    Day In a Page

    Greece debt crisis: EU 'family' needs to forgive rather than punish an impoverished state

    EU 'family' needs to forgive rather than punish an impoverished state

    An outbreak of malaria in Greece four years ago helps us understand the crisis, says Robert Fisk
    Gaza, a year on from Operation Protective Edge: The traumatised kibbutz on Israel's front line, still recovering from last summer's war with Hamas

    Gaza, a year on from Operation Protective Edge

    The traumatised kibbutz on Israel's front line, still recovering from last summer's war with Hamas
    How to survive electrical storms: What are the chances of being hit by lightning?

    Heavy weather

    What are the chances of being hit by lightning?
    World Bodypainting Festival 2015: Bizarre and brilliant photos celebrate 'the body as art'

    World Bodypainting Festival 2015

    Bizarre and brilliant photos celebrate 'the body as art'
    alt-j: A private jet, a Mercury Prize and Latitude headliners

    Don't call us nerds

    Craig Mclean meets alt-j - the math-folk act who are flying high
    How to find gold: The Californian badlands, digging out crevasses and sifting sludge

    How to find gold

    Steve Boggan finds himself in the Californian badlands, digging out crevasses and sifting sludge
    Singing accents: From Herman's Hermits and David Bowie to Alesha Dixon

    Not born in the USA

    Lay off Alesha Dixon: songs sound better in US accents, even our national anthem
    10 best balsamic vinegars

    10 best balsamic vinegars

    Drizzle it over salad, enjoy it with ciabatta, marinate vegetables, or use it to add depth to a sauce - this versatile staple is a cook's best friend
    Wimbledon 2015: Brief glimpses of the old Venus but Williams sisters' epic wars belong to history

    Brief glimpses of the old Venus but Williams sisters' epic wars belong to history

    Serena dispatched her elder sister 6-4, 6-3 in eight minutes more than an hour
    Greece says 'No': A night of huge celebrations in Athens as voters decisively back Tsipras and his anti-austerity stance in historic referendum

    Greece referendum

    Greeks say 'No' to austerity and plunge Europe into crisis
    Ten years after the 7/7 terror attacks, is Britain an altered state?

    7/7 bombings anniversary

    Ten years after the terror attacks, is Britain an altered state?
    Beautiful evening dresses are some of the loveliest Donatella has created

    Versace haute couture review

    Beautiful evening dresses are some of the loveliest Donatella has ever created
    No hope and no jobs, so Gaza's young risk their lives, climb the fence and run for it

    No hope and no jobs in Gaza

    So the young risk their lives and run for it
    Fashion apps: Retailers roll together shopping and social networking for mobile customers

    Fashion apps

    Retailers roll together shopping and social networking for mobile customers
    The Greek referendum exposes a gaping hole at the heart of the European Union – its distinct lack of any genuine popular legitimacy

    Gaping hole at the heart of the European Union

    Treatment of Greece has shown up a lack of genuine legitimacy