Apple's fingerprint sensor on new iPhones successfully hacked days after going on sale

Germany's Chaos Computer Club warns that Touch ID is not safe, showing in a video how prints lifted from a glass bottle can fool Apple's biometrics

A group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID, the fingerprint sensor used to secure Apple’s new iPhone 5s. The hack was announced just two days after the smartphone went on sale.

In a post on their blog, the Chaos Computer Club provided details (including a video above) of their method. “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”

The news will be worrying to businesses that may have hoped to secure company phones using Apple’s new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID since its introduction.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The technique used by the CCC have been known for years and can fool nearly all fingerprint sensors, but the group did not access the copy of the print stored by the iPhone itself.

Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It's always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.

The method used to crack Touch ID has been detailed by the Chaos Computer Club on their website, with the process beginning by finding a fingerprint left on an object like a glass bottle. The fingerprints are made mostly comprised of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.

Cyanoacrylat (“the main ingredient of superglue”) is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaned up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodglue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.

Frank Rieger, spokesperson of the CCC, said “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token.”

Although the CCC has successfully tricked the Touch ID sensor, their hack did not retrieve

A pair of security experts who set up a competition with a crowdsourced cash reward for the first individuals to hack Touch ID have said they are awaiting further information before confirming the method.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," Nick DePetrillo, a mobile security researcher told Reuters, "When they deliver that video we will review it."

Apple has yet to respond with comment.

PROMOTED VIDEO
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Web Design Apprentice

    £6240 per annum: Recruitment Genius: This company is a well established websit...

    Recruitment Genius: Senior .Net Application Developer

    £40000 - £60000 per annum: Recruitment Genius: This is a fantastic opportunity...

    Recruitment Genius: .Net / SQL Developer

    £25000 - £35000 per annum: Recruitment Genius: A skilled .NET developer with e...

    Recruitment Genius: IT Technical Support Engineer - PC/Mac

    £25000 - £30000 per annum: Recruitment Genius: This IT support company are cur...

    Day In a Page

    Isis hostage crisis: The prisoner swap has only one purpose for the militants - recognition its Islamic State exists and that foreign nations acknowledge its power

    Isis hostage crisis

    The prisoner swap has only one purpose for the militants - recognition its Islamic State exists and that foreign nations acknowledge its power, says Robert Fisk
    Missing salvage expert who found $50m of sunken treasure before disappearing, tracked down at last

    The runaway buccaneers and the ship full of gold

    Salvage expert Tommy Thompson found sunken treasure worth millions. Then he vanished... until now
    Homeless Veterans appeal: ‘If you’re hard on the world you are hard on yourself’

    Homeless Veterans appeal: ‘If you’re hard on the world you are hard on yourself’

    Maverick artist Grayson Perry backs our campaign
    Assisted Dying Bill: I want to be able to decide about my own death - I want to have control of my life

    Assisted Dying Bill: 'I want control of my life'

    This week the Assisted Dying Bill is debated in the Lords. Virginia Ironside, who has already made plans for her own self-deliverance, argues that it's time we allowed people a humane, compassionate death
    Move over, kale - cabbage is the new rising star

    Cabbage is king again

    Sophie Morris banishes thoughts of soggy school dinners and turns over a new leaf
    11 best winter skin treats

    Give your moisturiser a helping hand: 11 best winter skin treats

    Get an extra boost of nourishment from one of these hard-working products
    Paul Scholes column: The more Jose Mourinho attempts to influence match officials, the more they are likely to ignore him

    Paul Scholes column

    The more Jose Mourinho attempts to influence match officials, the more they are likely to ignore him
    Frank Warren column: No cigar, but pots of money: here come the Cubans

    Frank Warren's Ringside

    No cigar, but pots of money: here come the Cubans
    Isis hostage crisis: Militant group stands strong as its numerous enemies fail to find a common plan to defeat it

    Isis stands strong as its numerous enemies fail to find a common plan to defeat it

    The jihadis are being squeezed militarily and economically, but there is no sign of an implosion, says Patrick Cockburn
    Virtual reality thrusts viewers into the frontline of global events - and puts film-goers at the heart of the action

    Virtual reality: Seeing is believing

    Virtual reality thrusts viewers into the frontline of global events - and puts film-goers at the heart of the action
    Homeless Veterans appeal: MP says Coalition ‘not doing enough’

    Homeless Veterans appeal

    MP says Coalition ‘not doing enough’ to help
    Larry David, Steve Coogan and other comedians share stories of depression in new documentary

    Comedians share stories of depression

    The director of the new documentary, Kevin Pollak, tells Jessica Barrett how he got them to talk
    Has The Archers lost the plot with it's spicy storylines?

    Has The Archers lost the plot?

    A growing number of listeners are voicing their discontent over the rural soap's spicy storylines; so loudly that even the BBC's director-general seems worried, says Simon Kelner
    English Heritage adds 14 post-war office buildings to its protected lists

    14 office buildings added to protected lists

    Christopher Beanland explores the underrated appeal of these palaces of pen-pushing
    Human skull discovery in Israel proves humans lived side-by-side with Neanderthals

    Human skull discovery in Israel proves humans lived side-by-side with Neanderthals

    Scientists unearthed the cranial fragments from Manot Cave in West Galilee