Design Con 2015

iPhone 5s TouchID sensor hacked!

-September 23, 2013

Bypassing Apple’s TouchID, Chaos Computer Club (CCC) rapidly proved that fingerprint biometrics for access control is hardly foolproof.

Here’s how they did it—Using a photo of a user’s fingerprint taken from a glass surface, the hackers created a fake finger that unlocked an iPhone 5s that is secured with TouchID. The print was photographed, the image cleaned, inverted and laser printed with a thick tone setting. An adhesive was smeared into the pattern created by the toner and the print was lifted and put on the sensor—Voila! 



The CCC made the resolution of the fake print higher and the rest was easy using steps that have been used before. Frank Rieger, a spokesperson for the group, called fingerprint biometric security “stupid” since we all leave prints around constantly.

As a result, the 9 million iPhones sold by Apple in the past few days are, well, quite insecure. While it’s true that no one has hacked into a fingerprint stored inside the iPhone, what difference does it make if hackers enter from the outside in?

So far, three flaws have been discovered with this new phone. The other two include a security vulnerability in iOS 7 whereby lockscreen can be bypassed and another where a user was able to place phone calls from a locked phone running iOS 7 through its emergency calling functions. Forbes reported on these two vulnerabilities.

So is this a big deal? I say yes. If you tout a feature and it’s able to be broken in a matter of hours, it goes to credibility. If CCC can use an old method combined with providing higher resolution, surely Apple could have tested for this? What do you think? Any harm done? Why or why not?

Loading comments...

Write a Comment

To comment please Log In

FEATURED RESOURCES