Monday, September 23, 2013

Hackers Bypass Apple’s Touch ID With Lifted Fingerprint

Fingerprint scanners have always been vulnerable to hackers who are willing to go the extra mile to bypass them. Over the years, we’ve seen everything from people using Gummy Bears [1] , Play-Doh [2] and more sophisticated techniques to bypass these biometric scanners. It’s not really a surprise then, that Apple’s Touch ID fingerprint scanner on the new iPhone 5s is vulnerable to these kinds of hacks as well. As Germany’s Chaos Computer Club (CCC) announced today, it has managed to bypass TouchID [3] by creating a fake finger that uses lifted prints to fool the scanner into believing it’s dealing with its rightful owner.

But let’s put this hack into perspective. Getting this to work isn’t quite as easy as the CCC hackers make you think it is in their press release or this video [4] :

First you need some kind of colored powder or superglue to lift the fingerprint. Then you have to scan the fingerprint, invert it and print it with a resolution of 1200dpi or more onto a transparent sheet. After that, you build your fake finger by smearing pink latex milk or white wood glue into the pattern that the toner created onto the transparent sheet and wait for it to set. Finally, the CCC writes, “the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.” This method should work for virtually every fingerprint scanner on the market today.

If somebody is willing to go through all of this to break into your phone, chances are you have bigger issues than fingerprint security. Also, given that most iPhone users probably don’t even use a PIN code to secure their devices today, Touch ID still marks a massive step forward in smartphone security â€" even given the remote chance that somebody would lift your fingerprint and go through the trouble of bypassing it.

Links
  1. ^ Gummy Bears (www.zdnet.com)
  2. ^ Play-Doh (www.engadget.com)
  3. ^ bypass TouchID (www.ccc.de)
  4. ^ this video (www.youtube.com)

No comments:

Post a Comment

Search This Blog