Hackers Say They’ve Already Defeated the iPhone’s Fingerprint Scanner
Posted on Sep 22, 2013
Well that didn’t take long. Hackers from the Chaos Computer Club have posted a video in which one of the new iPhone’s major selling points is rendered moot.
In case you missed the news, the new iPhone 5s has a built-in fingerprint scanner that is supposed to prevent strangers from accessing the phone and/or making purchases using the device. At its reveal, Apple claimed that its take on biometrics was extra sophisticated.
The hackers say that just means Apple is using a higher resolution, and by taking a higher-resolution photo of someone’s fingerprint smudge, they were able to defeat the scanner using existing methods.
The Verge explains:
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far,” a hacker nicknamed Starbug said. “So we only needed to ramp up the resolution of our fake.”
While the hackers claim the method is easy, it’s complicated enough that most iPhone 5S users aren’t as likely to have their security compromised by an everyday thief who would have to be willing to obtain a high-resolution photograph of a fingerprint and produce a physical fake. (It’s also not nearly as easy to bypass Touch ID with this method as, say, fooling Android’s Face Unlock feature with a simple photo of a person). But the method’s relative simplicity, which involves photographing a fingerprint left behind on a surface and then creating a glue model of it, calls the sophistication of Touch ID’s technology into question. Before Touch ID was officially announced, Wired’s Bruce Schneier noted that fingerprint readers have long faced vulnerabilities, and that the simplest readers can be fooled with a good photocopy.
—Posted by Peter Z. Scheer
Chris Isherwood (CC-BY-SA)