Monday, September 23, 2013

iPhone 5's fingerprint recognition hacked

Well that didn't take very long:
haos Computer Club has claimed that they have managed to break Apple’s TouchID using everyday material and method available on the web.


Explaining their method on their website, the CCC hackers have claimed that all they did was photograph a fingerprint from a glass surface, ramped up the resolution of the photographed fingerprint, inverted and printed the fingerprint using thick toner settings, smeared pink latex milk or white woodglue onto the pattern, lifted the latex sheet, moistened it a little and then placed it on the iPhone 5S’ fingerprint sensor to unlock the phone.
Apple says this won't happen, but there's a video demonstration.



The Chaos Computer Club sums the issue up:
CCC spokesperson, Frank Rieger, said “It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token.”
Word.

6 comments:

Jake (formerly Riposte3) said...

Even worse, you don't just leave that particular token "everywhere every day", you leave it on the nice, shiny glass surface of the very device you're using it to 'secure'.

In other words, it's just like locking your door and leaving a picture of the key taped to it.

*facepalm*

Jake (formerly Riposte3) said...

In fact, now that I'm at home and can watch the video in full screen HD, I noticed that you can see several pretty good fingerprints on the screen right there.

Dumb idea.

kx59 said...

unexpectedly unexpected?

Anonymous said...

A major key plot point of the Dark Knight Rises was the use of one of Bruce Wayne's fingerprints to ruin him financially.
Which tells me the Apple techies are not allowed out much. Or work for the NSA who definitely did.

Unknown said...

It seems that the security levels in the new fingerprint recognition feature is low.

Thanks
Silvester Norman

Change MAC Address

Unknown said...

TouchID is the most noteworthy feature of Apple iPhone 5S & u hacked it. This shows Apple iPhone 5S still requires some enhanced security features.