The iOS 7 was released on Friday, and 2 days later the Chaos Computer Club claimed to have bypassed iPhone 5s’ Touch ID sensor hardware.
According to a detailed walkthrough of the bypass provided by the group’s biometrics hacking team, the iPhone 5s’ Touch ID hardware is only a higher resolution version of the present sensors. This means the system can be defeated using common fingerprint lifting techniques, albeit at a more refined level.
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake”, a CCC hacker nicknamed Starbug noted. “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
To create the fake fingerprint, pink latex milk or white wood glue is laid over the printout and allowed to set. Once cured, the dummy can be peeled off the transparency, breathed on to produce a thin layer of moisture, and applied to a finger. This will grant access to a Touch ID protected device, CCC claims.
“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token”, said CCC spokesman Frank Rieger. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”
This raises concerns that a would-be thief would need access to the iPhone itself after the fake is produced. To be added, you can back up iPhone 5S data to Mac with iPhone Data Recovery for Mac, so that you still have access to all data on iPhone even when iPhone is lost or damaged.
About Touch ID
Touch ID is intended to reduce the number of times a person must enter a passcode, but Apple still requires a passcode in some circumstances, such as restarting the phone and if the devices hasn’t been unlocked in two days. Changes to the fingerprint settings also require a passcode, which can be configured to be longer and more complex than four digits.
The Touch ID is the first time that Apple uses biometric security method in its consumer products. The technology comes from AuthenTec, a biometrics firm specializing in fingerprint hardware, that Apple purchased in 2012 for $356 million.
For more information on iPhone 5S finger print, check the post Everything You Need to Know on iPhone 5S Finger Print.