Home / Channel / iPhone fingerprint sensor hacked by Chaos Computer Club

iPhone fingerprint sensor hacked by Chaos Computer Club

It only took two days before Apple’s fingerprint sensor got hacked. Germany’s Chaos Computer Club cracked the protection around the Apple fingerprint sensor on the new iPhone 5S, only two days after the device went on sale worldwide.

The group posted on their site saying that their biometric hacking team took a fingerprint of the user photographed from a glass surface and then created a fake fingerprint which could be placed on a thin sheet of film and used like a real finger to unlock the iPhone.

The claim may have been easily dismissed in certain quarters, but the group uploaded a video as well to proof their success. The story will cause concern for many businesses who may have felt that the new fingerprint reader was a move forward in regards to keeping their mobile devices secure.

An Apple employee, right, instructs a journalist on the use of the fingerprint scanner technology built into the company's iPhone 5S during a media event held in Beijing, China, Wednesday, Sept. 11, 2013. For the first time since introducing the device that has reshaped technology and culture, Apple will offer two distinct versions of its latest iPhones - a cheaper model made of colorful plastic and another one that aims to be "the gold standard of smartphones" with a faster processor, fancier camera and fingerprint scanner for better security. (AP Photo/Ng Han Guan)
An Apple employee, right, instructs a journalist on the use of the fingerprint scanner technology built into the company’s iPhone 5S during a media event held in Beijing, China, Wednesday, Sept. 11, 2013. (AP Photo/Ng Han Guan)

Starbug, a member of the Chaos Club said “This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided. In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”

While this is not as severe as actually hacking the phone and extracting the fingerprint respresentation it proves that the methodology is not perfect.
[yframe url=’http://www.youtube.com/watch?v=HM8b8d8kSNQ’]

This is now the third security failing for Apple since the new phone and iOS7 were released last week. One found the Emergency Call screen can be used to place a call to any number, and another showed a flaw in iOS7 Control Centre to access photos and send emails.

The Chaos Computer Club detail how they unlocked the phone with a fake print. They took a fingerprint from glass. The print is made visible using graphite powder or a component of superglue and then photographed at high resolution to create a 2,400 ppi scan. That is then printed onto an overhead projector plastic slide using a laser print, forming a relief. This is then covered in wood glue and attached to a real finger.

Kitguru says: 2 days, must be a new record.

Become a Patron!

Check Also

Apple won’t let Epic Games re-apply for its developer program for a year

As part of the ongoing dispute and lawsuit between Epic Games and Apple, the Cupertino-based …