Apple's fingerprint sensor on new iPhones successfully hacked days after going on sale

Germany's Chaos Computer Club warns that Touch ID is not safe, showing in a video how prints lifted from a glass bottle can fool Apple's biometrics

A group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID, the fingerprint sensor used to secure Apple’s new iPhone 5s. The hack was announced just two days after the smartphone went on sale.

In a post on their blog, the Chaos Computer Club provided details (including a video above) of their method. “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”

The news will be worrying to businesses that may have hoped to secure company phones using Apple’s new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID since its introduction.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The technique used by the CCC have been known for years and can fool nearly all fingerprint sensors, but the group did not access the copy of the print stored by the iPhone itself.

Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It's always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.

The method used to crack Touch ID has been detailed by the Chaos Computer Club on their website, with the process beginning by finding a fingerprint left on an object like a glass bottle. The fingerprints are made mostly comprised of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.

Cyanoacrylat (“the main ingredient of superglue”) is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaned up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodglue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.

Frank Rieger, spokesperson of the CCC, said “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token.”

Although the CCC has successfully tricked the Touch ID sensor, their hack did not retrieve

A pair of security experts who set up a competition with a crowdsourced cash reward for the first individuals to hack Touch ID have said they are awaiting further information before confirming the method.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," Nick DePetrillo, a mobile security researcher told Reuters, "When they deliver that video we will review it."

Apple has yet to respond with comment.

Sport
Super BowlAfter Katy Perry madness it's back to The Independent's live coverage of Super Bowl 49!
News
See what Twitter had to say about the first half of the Super Bowl
News
people
News
people
PROMOTED VIDEO
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Web Design Apprentice

    £6240 per annum: Recruitment Genius: This company is a well established websit...

    Recruitment Genius: Senior .Net Application Developer

    £40000 - £60000 per annum: Recruitment Genius: This is a fantastic opportunity...

    Recruitment Genius: .Net / SQL Developer

    £25000 - £35000 per annum: Recruitment Genius: A skilled .NET developer with e...

    Recruitment Genius: IT Technical Support Engineer - PC/Mac

    £25000 - £30000 per annum: Recruitment Genius: This IT support company are cur...

    Day In a Page

    The super-rich now live in their own Elysium - they breathe better air, and eat better food, when they're not making beans on toast for their kids

    The super-rich now live in their own Elysium

    They breathe better air, eat better food, take better medicine
    A generation of dropouts failed by colleges

    Dropout generation failed by colleges

    £800m a year wasted on students who quit courses before they graduate
    Entering civilian life 'can be like going into the jungle' for returning soldiers

    Homeless Veterans appeal

    Entering civilian life can be like going into the jungle
    Sam Taylor-Johnson: Woman on top

    Sam Taylor-Johnson: Woman on top

    Fifty Shades of Grey director on bringing the hit to the screen
    Shazam! Story of the $1bn 'what's that song?' app

    Shazam: Story of the $1bn 'what's that song?' app

    As in 1942, Germany must show restraint over Greece

    As in 1942, Germany must show restraint over Greece

    Mussolini tried to warn his ally of the danger of bringing the country to its knees. So should we, says Patrick Cockburn
    Britain's widening poverty gap should be causing outrage at the start of the election campaign

    The short stroll that should be our walk of shame

    Courting the global elite has failed to benefit Britain, as the vast disparity in wealth on display in the capital shows
    Homeless Veterans appeal: The rise of the working poor: when having a job cannot prevent poverty

    Homeless Veterans appeal

    The rise of the working poor: when having a job cannot prevent poverty
    Prince Charles the saviour of the nation? A new book highlights concerns about how political he will be when he eventually becomes king

    Prince Charles the saviour of the nation?

    A new book highlights concerns about how political he will be when he eventually becomes king
    How books can defeat Isis: Patrick Cockburn was able to update his agenda-setting 'The Rise of Islamic State' while under attack in Baghdad

    How books can defeat Isis

    Patrick Cockburn was able to update his agenda-setting 'The Rise of Islamic State' while under attack in Baghdad
    Judith Hackitt: The myths of elf 'n' safety

    Judith Hackitt: The myths of elf 'n' safety

    She may be in charge of minimising our risks of injury, but the chair of the Health and Safety Executive still wants children to be able to hurt themselves
    The open loathing between Barack Obama and Benjamin Netanyahu just got worse

    The open loathing between Obama and Netanyahu just got worse

    The Israeli PM's relationship with the Obama has always been chilly, but going over the President's head on Iran will do him no favours, says Rupert Cornwell
    French chefs get 'le huff' as nation slips down global cuisine rankings

    French chefs get 'le huff' as nation slips down global cuisine rankings

    Fury at British best restaurants survey sees French magazine produce a rival list
    Star choreographer Matthew Bourne gives young carers a chance to perform at Sadler's Wells

    Young carers to make dance debut

    What happened when superstar choreographer Matthew Bourne encouraged 27 teenage carers to think about themselves for once?
    Design Council's 70th anniversary: Four of the most intriguing prototypes from Ones to Watch

    Design Council's 70th anniversary

    Four of the most intriguing prototypes from Ones to Watch