Apple's fingerprint sensor on new iPhones successfully hacked days after going on sale

Germany's Chaos Computer Club warns that Touch ID is not safe, showing in a video how prints lifted from a glass bottle can fool Apple's biometrics

A group of German hackers known as the Chaos Computer Club (CCC) have successfully cracked Touch ID, the fingerprint sensor used to secure Apple’s new iPhone 5s. The hack was announced just two days after the smartphone went on sale.

In a post on their blog, the Chaos Computer Club provided details (including a video above) of their method. “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”

The news will be worrying to businesses that may have hoped to secure company phones using Apple’s new technology, but will be of little surprise to the online security community, who have been sceptical about Touch ID since its introduction.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” said a Computer Club hacker known as Starbug. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The technique used by the CCC have been known for years and can fool nearly all fingerprint sensors, but the group did not access the copy of the print stored by the iPhone itself.

Apple’s own website describes individuals’ fingerprints as “one of the best passcodes in the world. It's always with you, and no two are exactly alike”, noting that the Touch ID system can be used to “approve purchases from the iTunes Store, the App Store and the iBooks Store”.

The method used to crack Touch ID has been detailed by the Chaos Computer Club on their website, with the process beginning by finding a fingerprint left on an object like a glass bottle. The fingerprints are made mostly comprised of fat residue and sweat and can be highlighted by sprinkling surfaces with coloured powders.

Cyanoacrylat (“the main ingredient of superglue”) is then applied to the print to sharpen its outlines. This is photographed at a 2400dpi resolution, imported into a computer, cleaned up with imaging software and then printed out at 1200dpi resolution onto a transparent sheet. Woodglue or latex is then smeared on the print to create a duplicate and left to dry. This can then be used to gain access to the iPhone 5s.

Frank Rieger, spokesperson of the CCC, said “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token.”

Although the CCC has successfully tricked the Touch ID sensor, their hack did not retrieve

A pair of security experts who set up a competition with a crowdsourced cash reward for the first individuals to hack Touch ID have said they are awaiting further information before confirming the method.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," Nick DePetrillo, a mobile security researcher told Reuters, "When they deliver that video we will review it."

Apple has yet to respond with comment.

PROMOTED VIDEO
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Ashdown Group: Moodle Developer (PHP ,Linux, Apache, MySQL, Moodle)

    £35000 - £45000 per annum: Ashdown Group: Moodle Developer (PHP ,Linux, Apache...

    Recruitment Genius: Web Developer

    £17000 - £30000 per annum: Recruitment Genius: This is a fantastic opportunity...

    Recruitment Genius: Junior .NET Web Developer - Winform / MVC

    £21000 - £26000 per annum: Recruitment Genius: This Award-winning pharma softw...

    Recruitment Genius: Senior Java Developer

    £30000 - £45000 per annum: Recruitment Genius: A Senior Java Developer is requ...

    Day In a Page

    Isis in Iraq: Yazidi girls killing themselves to escape rape and imprisonment by militants

    'Jilan killed herself in the bathroom. She cut her wrists and hanged herself'

    Yazidi girls killing themselves to escape rape and imprisonment
    Ed Balls interview: 'If I think about the deficit when I'm playing the piano, it all goes wrong'

    Ed Balls interview

    'If I think about the deficit when I'm playing the piano, it all goes wrong'
    He's behind you, dude!

    US stars in UK panto

    From David Hasselhoff to Jerry Hall
    Grace Dent's Christmas Quiz: What are you – a festive curmudgeon or top of the tree?

    Grace Dent's Christmas Quiz

    What are you – a festive curmudgeon or top of the tree?
    Nasa planning to build cloud cities in airships above Venus

    Nasa planning to build cloud cities in airships above Venus

    Planet’s surface is inhospitable to humans but 30 miles above it is almost perfect
    Surrounded by high-rise flats is a little house filled with Lebanon’s history - clocks, rifles, frogmen’s uniforms and colonial helmets

    Clocks, rifles, swords, frogmen’s uniforms

    Surrounded by high-rise flats is a little house filled with Lebanon’s history
    Return to Gaza: Four months on, the wounds left by Israel's bombardment have not yet healed

    Four months after the bombardment, Gaza’s wounds are yet to heal

    Kim Sengupta is reunited with a man whose plight mirrors the suffering of the Palestinian people
    Gastric surgery: Is it really the answer to the UK's obesity epidemic?

    Is gastric surgery really the answer to the UK's obesity epidemic?

    Critics argue that it’s crazy to operate on healthy people just to stop them eating
    Homeless Veterans appeal: Christmas charity auction Part 2 - now LIVE

    Homeless Veterans appeal: Christmas charity auction

    Bid on original art, or trips of a lifetime to Africa or the 'Corrie' set, and help Homeless Veterans
    Pantomime rings the changes to welcome autistic theatre-goers

    Autism-friendly theatre

    Pantomime leads the pack in quest to welcome all
    The week Hollywood got scared and had to grow up a bit

    The week Hollywood got scared and had to grow up a bit

    Sony suffered a chorus of disapproval after it withdrew 'The Interview', but it's not too late for it to take a stand, says Joan Smith
    From Widow Twankey to Mother Goose, how do the men who play panto dames get themselves ready for the performance of a lifetime?

    Panto dames: before and after

    From Widow Twankey to Mother Goose, how do the men who play panto dames get themselves ready for the performance of a lifetime?
    Thirties murder mystery novel is surprise runaway Christmas hit

    Thirties murder mystery novel is surprise runaway Christmas hit

    Booksellers say readers are turning away from dark modern thrillers and back to the golden age of crime writing
    Anne-Marie Huby: 'Charities deserve the best,' says founder of JustGiving

    Anne-Marie Huby: 'Charities deserve the best'

    Ten million of us have used the JustGiving website to donate to good causes. Its co-founder says that being dynamic is as important as being kind
    The botanist who hunts for giant trees at Kew Gardens

    The man who hunts giants

    A Kew Gardens botanist has found 25 new large tree species - and he's sure there are more out there