The iPhone 5S's "Touch ID"
(Credit: CNET Staff)
A day after the iPhone 5S hit the streets, a group of
hackers in Germany say they have successfully
bypassed the biometric security on the Apple's Touch
ID fingerprint sensor by using "easy everyday means."
The Chaos Computer Club announced late Saturday
that it defeated the security device by photographing
an iPhone user's fingerprint from a glass surface and
using that captured image to verify the user's login
credentials. The sensor, which resides under the home
button, replaces the four-digit passcode to unlock the
handset and authorize iTunes Store purchases.
"This demonstrates -- again -- that fingerprint
biometrics is unsuitable as access control method and
should be avoided," the group wrote in a blog post
detailing its bypass:
First, the fingerprint of the enrolled user is
photographed with 2400 dpi resolution. The
resulting image is then cleaned up, inverted and
laser printed with 1200 dpi onto transparent
sheet with a thick toner setting. Finally, pink latex
milk or white woodglue is smeared into the
pattern created by the toner onto the
transparent sheet. After it cures, the thin latex
sheet is lifted from the sheet, breathed on to
make it a tiny bit moist and then placed onto
the sensor to unlock the phone. This process has
been used with minor refinements and
variations against the vast majority of fingerprint
sensors on the market.
"We hope that this finally puts to rest the illusions
people have about fingerprint biometrics," CCC
spokesperson Frank Rieger said in a statement. "It is
plain stupid to use something that you can´t change
and that you leave everywhere every day as a security
token."
CNET has contacted Apple for comment and will
update this report when we learn more.
It wasn't immediately clear if the group would lay
claim to a bounty of more than $16,000 that is being
offered to the first person who could hack the
fingerprint sensor. IsTouchIDhackedyet.com -- the
brainchild of independent security researcher Nick
DePetrillo -- said on its Web site that it was waiting for
the group to upload video of the process before
declaring CCC the winner.
In addition to cash, the winner has been promised a
free application from CipherLaw to patent the hack;
several bottles of alcohol including Laphroaig, Maker's
Mark, Argentine wine, Patron Silver, and Bulleit
bourbon; a "dirty sex book," and an iPhone 5C .
The group's demonstration video:
http://www.youtube.com/watch?
v=HM8b8d8kSNQ&feature=player_embedded
(Via The Verge)
Comments
Post a Comment