It only took two days before Apple’s fingerprint sensor got hacked. Germany’s Chaos Computer Club cracked the protection around the Apple fingerprint sensor on the new iPhone 5S, only two days after the device went on sale worldwide.
The group posted on their site saying that their biometric hacking team took a fingerprint of the user photographed from a glass surface and then created a fake fingerprint which could be placed on a thin sheet of film and used like a real finger to unlock the iPhone.
The claim may have been easily dismissed in certain quarters, but the group uploaded a video as well to proof their success. The story will cause concern for many businesses who may have felt that the new fingerprint reader was a move forward in regards to keeping their mobile devices secure.
Starbug, a member of the Chaos Club said “This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided. In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
While this is not as severe as actually hacking the phone and extracting the fingerprint respresentation it proves that the methodology is not perfect.
This is now the third security failing for Apple since the new phone and iOS7 were released last week. One found the Emergency Call screen can be used to place a call to any number, and another showed a flaw in iOS7 Control Centre to access photos and send emails.
The Chaos Computer Club detail how they unlocked the phone with a fake print. They took a fingerprint from glass. The print is made visible using graphite powder or a component of superglue and then photographed at high resolution to create a 2,400 ppi scan. That is then printed onto an overhead projector plastic slide using a laser print, forming a relief. This is then covered in wood glue and attached to a real finger.
Kitguru says: 2 days, must be a new record.