Sunday, September 22, 2013

iPhone 5S' fingerprint security can be easily broken, hackers show

Apple says that the new iPhone 5S' fingerprint sensor is "a convenient and highly secure way to access your phone." The former is true. The latter, not so much. The fingerprint security can be easily broken. Jealous spouses and industrial spies, rejoice!

While the usual Apple sycophants bought into the company's claims without even questioning them, the hackers from the Chaos Computer Club in Germany have demonstrated that you can steal the fingerprint from any drinking glass and access anyone's iPhone 5S without any difficulty.

The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.

[...]

First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

The video above demonstrates that the hack works perfectly. So no, contrary to Apple's corpospeak and all the echoes from the Cupertino chorus line, your iPhone's fingerprint security can be broken with a camera, a laser printer, and some wood glue. Just like every other fingerprint sensor in the world.

So yes, the fingerprint sensor is convenient but don't depend on it to protect any sensitive information in your iPhone. If you think someone may be interested in accessing it for whatever reason, they will be able to do it easily.


Source: Gizmodo

No comments:

Post a Comment