A hacker group based in Germany says it has managed to crack Apple’s new Touch ID biometric security system with a modified fingerprint lifting method and a “fake finger” creation technique.
According to Chaos Computer Club (CCC), the technique successfully bypasses the iPhone 5s’ Touch ID sensor hardware.
“Apple’s sensor has just a higher resolution compared to the sensors (so far). So we only needed to ramp up the resolution of our fake,” a CCC hacker nicknamed Starbug confirmed. “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
According to AppleInsider, the CCC hackers harvested a high-resolution 2400 dpi photo of a user’s fingerprint from a glass surface using graphite dust or cyanoacrylate (the primary ingredient in Super Glue) and a camera. The resulting image was then cleaned and inverted using photo editing software and laser printed at 1200 dpi onto a transparent sheet.
“To create the fake fingerprint, pink latex milk or white wood glue is laid over the printout and allowed to set,” AppleInsider explained. “Once cured, the dummy can be peeled off the transparency, breathed on to produce a thin layer of moisture, and applied to a finger. This will [reportedly] grant access to a Touch ID protected device.”
CCC spokesman Frank Rieger said that he hoped the above-mentioned crack would finally put to rest the the illusions some people have about fingerprint biometrics.
“It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token,” he said. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”