Fingerprint scanners have always been vulnerable to hackers who are willing to go the extra mile to bypass them. Over the years, weâve seen everything from people using Gummy Bears [1] , Play-Doh [2] and more sophisticated techniques to bypass these biometric scanners. Itâs not really a surprise then, that Appleâs Touch ID fingerprint scanner on the new iPhone 5s is vulnerable to these kinds of hacks as well. As Germanyâs Chaos Computer Club (CCC) announced today, it has managed to bypass TouchID [3] by creating a fake finger that uses lifted prints to fool the scanner into believing itâs dealing with its rightful owner.
But letâs put this hack into perspective. Getting this to work isnât quite as easy as the CCC hackers make you think it is in their press release or this video [4] :
First you need some kind of colored powder or superglue to lift the fingerprint. Then you have to scan the fingerprint, invert it and print it with a resolution of 1200dpi or more onto a transparent sheet. After that, you build your fake finger by smearing pink latex milk or white wood glue into the pattern that the toner created onto the transparent sheet and wait for it to set. Finally, the CCC writes, âthe thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.â This method should work for virtually every fingerprint scanner on the market today.
If somebody is willing to go through all of this to break into your phone, chances are you have bigger issues than fingerprint security. Also, given that most iPhone users probably donât even use a PIN code to secure their devices today, Touch ID still marks a massive step forward in smartphone security â" even given the remote chance that somebody would lift your fingerprint and go through the trouble of bypassing it.
Links
- ^ Gummy Bears (www.zdnet.com)
- ^ Play-Doh (www.engadget.com)
- ^ bypass TouchID (www.ccc.de)
- ^ this video (www.youtube.com)
No comments:
Post a Comment