IPhone Fingerprint Sensor Cracked, Researchers Call Tech "Plain Stupid"
September 23, 2013 1:01 PM
comment(s) - last by
Chaos Computer Club unlocks iPhones with high resolution-image based tactic, points out legal dangers
For iPhone owners that use the fingerprint sensor as a password, be aware that it's pretty much useless from a security perspective. It turns out that as with past inexpensive fingerprint readers, the system could easily be tricked by showing it a photograph of the target's fingerprint.
A site sponsored a crowd-funded competition to see who could be the first to crack the security feature found on the new Apple, Inc. (
. The prize -- which
included a pledge of $10,000 USD from a Chicago-based venture capital fund
-- attracted a lot of attention.
I. CCC Makes Short Work of Apple's Supposedly Secure Sensor
It appears that the first group to successfully circumvent the sensor's security was
Chaos Computer Club
a German hacker ring
that has accomplished many challenging hacks and exploits over the years.
The trick -- as a CCC member who goes by the handle "Starbug" states -- is to use at least 2,400 dots per inch (dpi) for the photograph of the target's fingerprint, and 1,200 dpi for the printed copy.
"Starbug", "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
The hack is demonstrated in a video posted by the CCC to YouTube:
The only "trick" outside the resolution is that you need to print onto a transparent sheet and after printing; you need to lift the fingerprint onto a polymer using "pink latex milk or white woodglue". The latex layer is then cured and lifted, and breathed upon to "make it a tiny bit moist and then placed onto the sensor to unlock the phone."
Don't make it too moist, though as the fingerprint sensor can
only be used with "dry" fingers
The iPhone 5S's sensor can easily be tricked with a "fake finger". [Image Source: Apple]
It's important to note that the only part of the process that involves the target user -- getting their fingerprint -- can be done quickly and surreptitiously. The remaining steps can be taken at their own pace at a secure location of the unlocker's choosing.
II. Another Danger -- Police Seizing Your Data
CCC spokesperson Frank Rieger chides Apple and others for proliferating the myth of security regarding fingerprint-based biometrics. He states:
We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token. The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.
The group raises another interesting point regarding smartphone unlocking and legality. The group writes:
Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much
harder under most jurisdictions
than just casually swiping your phone over your handcuffed hands.
If you get arrested, and have an iPhone with fingerprint unlock enabled, police can easily get ahold of your private data. [Image Source: BUSINESS, GOVERNMENT AND SOCIETY FIVE]
In other words, the supposed "crowning" feature on Apple's new smartphone
may be worse than worthless
-- it may be luring users into a false sense of security and compromising their data.
says the CCC was the first group or individual to report a successful hack on the sensor. The site is in the process of confirming the CCC's hack. Once confirmed they'll receive the horde of goodies, including sweet, sweet cash.
CCC [press release]
Is Touch ID Hacked Yet [YES!]
This article is over a month old, voting and posting comments is disabled
How to make Touch ID full proof
9/23/2013 4:28:04 PM
Just use a body part other than a finger.
I kid you not.
Here is a guy using his nipple
Unless one is into some pretty strange stuff it is very unlikely that you will leave a nipple print on your phone.
Of course some other body parts can also be used……………….
RE: How to make Touch ID full proof
9/24/2013 12:14:24 PM
Actually, I think you're on to something. Certainly not a nipple, though (though that method opens up a huge library of fantasies for nerds when such a technique would be in common use among both male and female users).
How about the side of ones finger, immediately adjacent to the traditional fingerprint? Surely there are very few instances of impressions of that part of the finger left inadvertently around.
Finally, I was curious as to why Apple specifically mentioned that the new identification technique was NOT being released to app developers. Can you imagine the litigation if BofA's app used the sensor to access accounts, and then later realized that it was easy to hack?
RE: How to make Touch ID full proof
9/24/2013 4:58:46 PM
Now, you are on a crowded bus, and you uncover your nipple to unlock your phone and send a text.
I've only one word for that: awkward.
"A politician stumbles over himself... Then they pick it out. They edit it. He runs the clip, and then he makes a funny face, and the whole audience has a Pavlovian response." -- Joe Scarborough on John Stewart over Jim Cramer
Senator Al Franken Questions Apple over iPhone 5S Fingerprint Technology
September 23, 2013, 9:44 AM
Apple's iPhones 5S, iPhone 5C Launch; Bounty Placed on "Cracking" Fingerprint Sensor
September 20, 2013, 1:35 PM
iPhone 5S Fingerprint Scanner Details Surface; Sweaty Fingers Not Allowed
September 12, 2013, 10:46 AM
Apple Announces $99 iPhone 5C, iPhone 5S with 64-bit A7 Processor and "Touch ID"
September 10, 2013, 1:15 PM
FBI Orders Google to Give it Access to Users' Locked Android Phones
March 15, 2012, 3:30 PM
Chromebooks Expected to See Sales Grow 26 Percent to 7.3 Million Units This Year
May 22, 2015, 1:26 PM
Apple Finally Updates 15" MacBook Pro w/ Force Touch; 5K iMac Gets Price Cut
May 20, 2015, 1:45 PM
LG G4's International Rollout Begins; Pint-Sized G4c, High-End G4 Stylus Trot Out
May 19, 2015, 12:54 AM
President Obama Posts His First "Personal" Tweet to Twitter Via an iPhone
May 18, 2015, 4:38 PM
Microsoft Bricks the Xbox Ones of Gears of War Testers Responsible for Leaks
May 14, 2015, 5:26 PM
Windows 10 Mobile Build 10080 is Available for New Phones, Brings Office Preview
May 14, 2015, 2:53 PM
Most Popular Articles
America's Largest Cable Company, Comcast, Sees Internet Subscriptions Pass TV
May 4, 2015, 2:46 PM
Can id Software's Doom Find Its Way Out of a 7+ Year Development Hell?
May 19, 2015, 7:38 PM
Oculus Rift Confirms "Pause" in OS X, Linux Development, Some Devs are Mad
May 18, 2015, 11:36 PM
The Pirate Bay Loses Its Iconic Swedish Dot SE Domains
May 20, 2015, 6:31 PM
In-Depth: Apple's ~$1B Court Victory Over Samsung to be Cut up to a Third
May 18, 2015, 9:20 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information