Germany’s Chaos Computer Club has reportedly cracked Apple’s newest feature, TouchID. As you probably know, people lucky enough to pick up an iPhone 5S this weekend are able to open their iPhone and charge their iTunes account with a simple thumb print.
Using some pretty comprehensive technology, the fingerprint scanner, built into the iPhone 5s’ home button, scans the users fingerprint. Rather than comparing it to a stored fingerprint locally or on a server,the technology compares the data in the fingerprint to verify the identity of the user. It also requires that the user be alive, breathing and attached to the person it belongs to.
For their customer’s protection, Apple has blocked the TouchID feature from developers. Apple insists that no one actually has a saved version of the fingerprint, but for now the technology is protected from anyone not working at One Infinite Loop.
Well despite being protected from developers, hackers have been able to crack the TouchID feature.
The biometrics team at Germany’s Chaos Computer Club were able to use a hacking technique that dates back to 1994 in order to breach the TouchID security.
The blog nakedsecurity has simplified the procedure for cloning fingerprints and then unlocking an iPhone 5s to these 7 steps:
- Take a hi-res (2400dpi) photograph of the fingerprint.
- Digitally invert the image so that the valleys of the print are black.
- Laser print (1200dpi) the image with a very thick toner setting.
- Smear white woodglue (or latex) over the printout and allow to set.
- Carefully peel off the glue or latex sheet.
- Breathe on the surface so it’s slightly moist and conductive.
- Unlock phone.
What’s more in this story is that the hackers at Chaos Computer Club didn’t use a picture of the iPhone owners fingerprint to clone, rather they lifted the print off of a glass surface and were able to make a working duplicate.
Now obviously this is a lot of steps to take to just get access into someone else’s iPhone, but it sure beats cutting a finger off (which won’t work anyway).