Apple's fingerprint sensor on new iPhones successfully hacked days after going on sale

Germany's Chaos Computer Club warns that Touch ID is not safe, showing in a video how prints lifted from a glass bottle can fool Apple's biometrics

A group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID, the fingerprint sensor used to secure Apple’s new iPhone 5s. The hack was announced just two days after the smartphone went on sale.

In a post on their blog, the Chaos Computer Club provided details (including a video above) of their method. “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”

The news will be worrying to businesses that may have hoped to secure company phones using Apple’s new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID since its introduction.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The technique used by the CCC have been known for years and can fool nearly all fingerprint sensors, but the group did not access the copy of the print stored by the iPhone itself.

Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It's always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.

The method used to crack Touch ID has been detailed by the Chaos Computer Club on their website, with the process beginning by finding a fingerprint left on an object like a glass bottle. The fingerprints are made mostly comprised of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.

Cyanoacrylat (“the main ingredient of superglue”) is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaned up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodglue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.

Frank Rieger, spokesperson of the CCC, said “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token.”

Although the CCC has successfully tricked the Touch ID sensor, their hack did not retrieve

A pair of security experts who set up a competition with a crowdsourced cash reward for the first individuals to hack Touch ID have said they are awaiting further information before confirming the method.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," Nick DePetrillo, a mobile security researcher told Reuters, "When they deliver that video we will review it."

Apple has yet to respond with comment.

Life and Style
ebookNow available in paperback
ebooks
ebookA delicious collection of 50 meaty main courses
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
SPONSORED FEATURES
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: IT Support Engineer - 2nd & 3rd Line

    £25000 per annum: Recruitment Genius: The IT Support Engineer is needed to ass...

    Recruitment Genius: Junior / Mid Software Developer

    £22000 - £30000 per annum: Recruitment Genius: This is an exciting opportunity...

    Recruitment Genius: IT Service Desk Manager

    £35000 - £40000 per annum: Recruitment Genius: A great opportunity to join a p...

    Recruitment Genius: Graphic and Motion Designer

    Negotiable: Recruitment Genius: Do you get a buzz from thinking up new ideas a...

    Day In a Page

    The long walk west: they fled war in Syria, only to get held up in Hungary – now hundreds of refugees have set off on foot for Austria

    They fled war in Syria...

    ...only to get stuck and sidetracked in Hungary
    From The Prisoner to Mad Men, elaborate title sequences are one of the keys to a great TV series

    Title sequences: From The Prisoner to Mad Men

    Elaborate title sequences are one of the keys to a great TV series. But why does the art form have such a chequered history?
    Giorgio Armani Beauty's fabric-inspired foundations: Get back to basics this autumn

    Giorgio Armani Beauty's foundations

    Sumptuous fabrics meet luscious cosmetics for this elegant look
    From stowaways to Operation Stack: Life in a transcontinental lorry cab

    Life from the inside of a trucker's cab

    From stowaways to Operation Stack, it's a challenging time to be a trucker heading to and from the Continent
    Kelis interview: The songwriter and sauce-maker on cooking for Pharrell and crying over potatoes

    Kelis interview

    The singer and sauce-maker on cooking for Pharrell
    Refugee crisis: David Cameron lowered the flag for the dead king of Saudi Arabia - will he do the same honour for little Aylan Kurdi?

    Cameron lowered the flag for the dead king of Saudi Arabia...

    But will he do the same honour for little Aylan Kurdi, asks Robert Fisk
    Our leaders lack courage in this refugee crisis. We are shamed by our European neighbours

    Our leaders lack courage in this refugee crisis. We are shamed by our European neighbours

    Humanity must be at the heart of politics, says Jeremy Corbyn
    Joe Biden's 'tease tour': Could the US Vice-President be testing the water for a presidential run?

    Joe Biden's 'tease tour'

    Could the US Vice-President be testing the water for a presidential run?
    Britain's 24-hour culture: With the 'leisured society' a distant dream we're working longer and less regular hours than ever

    Britain's 24-hour culture

    With the 'leisured society' a distant dream we're working longer and less regular hours than ever
    Diplomacy board game: Treachery is the way to win - which makes it just like the real thing

    The addictive nature of Diplomacy

    Bullying, betrayal, aggression – it may be just a board game, but the family that plays Diplomacy may never look at each other in the same way again
    Lady Chatterley's Lover: Racy underwear for fans of DH Lawrence's equally racy tome

    Fashion: Ooh, Lady Chatterley!

    Take inspiration from DH Lawrence's racy tome with equally racy underwear
    8 best children's clocks

    Tick-tock: 8 best children's clocks

    Whether you’re teaching them to tell the time or putting the finishing touches to a nursery, there’s a ticker for that
    Charlie Austin: Queens Park Rangers striker says ‘If the move is not right, I’m not going’

    Charlie Austin: ‘If the move is not right, I’m not going’

    After hitting 18 goals in the Premier League last season, the QPR striker was the great non-deal of transfer deadline day. But he says he'd preferred another shot at promotion
    Isis profits from destruction of antiquities by selling relics to dealers - and then blowing up the buildings they come from to conceal the evidence of looting

    How Isis profits from destruction of antiquities

    Robert Fisk on the terrorist group's manipulation of the market to increase the price of artefacts
    Labour leadership: Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea

    'If we lose touch we’ll end up with two decades of the Tories'

    In an exclusive interview, Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea