Just days after the release of the iPhone 5s last week—which comes with a fingerprint scanner built into the home button—the biometrics hacking team of the Chaos Computer Club (CCC) claims to have successfully bypassed the biometric security of Apple’s TouchID.

Apple had released the new iPhone with a fingerprint sensor that was supposedly much more secure than previous fingerprint technology…”In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake”, said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”

Creating the duplicate fingerprint turns out to actually be fairly easy, they pulled the hack off with materials commonly found around the home, and if their claims are true, Apple’s TouchID shouldn’t be relied on to secure your iPhone. Hopefully Apple will eventually allow us to enable both a fingerprint—something we have, or in this case are—and a PIN code—something we know—to give us real two-factor authentication when unlocking the phone.

For their efforts the hackers involved stand to walk away with a cool $13k in cash, booze and bitcoins, although the site keeping track of the hacks is still waiting for, “… a video showing them lifting a print (like from a beer mug) and using it to unlock the phone” before awarding the prize money.

Alasdair Allan

Alasdair Allan is a scientist, author, hacker and tinkerer, who is spending a lot of his time thinking about the Internet of Things. In the past he has mesh networked the Moscone Center, caused a U.S. Senate hearing, and contributed to the detection of what was—at the time—the most distant object yet discovered.


Related
blog comments powered by Disqus

Related Supplies at Maker Shed

Follow

Get every new post delivered to your Inbox.

Join 28,398 other followers