The iPhone 5S may have only been out a few days, but the idea of the Touch ID fingerprint sensor has been rumoured for months, and when it was finally showcased at Apple’s event, alarm bells went out in the heads of security experts everywhere.
The idea behind Touch ID was to eliminate the need for passwords or passcodes, because they suck. They are unsecure and can be bruteforced. So, appealing to the security conscious, Apple introduced Touch ID in the attempt to bring the fingerprint sensor technology – something that’s been around for years – to the everyday consumer.
Whilst using a unique fingerprint may seem somewhat secure, there are still ways to bypass it, and a group of German hackers have figured out a way to bypass Apple’s Touch ID sensor using a fake-finger technique used to bypass similar sensors for years.
The method involves taking a high resolution photo of the original users’ fingerprint and printing it out on a transparent sheet with thick toner. It is then filled with a pink latex milk.
“The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting.
Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.”
iPhone 5S Touch ID Compromised
Whilst the method isn’t exactly easy, it can be performed with materials found around the house, and just reaffirms that fingerprint sensors are not as secure as they are marketed. Whilst it does rely on the hacker having the original fingerprint to start off with, there are also clever ways of obtaining this, especially since you’re touching your iPhone 5S screen all day long!
Whilst the Touch ID represents the correct move away from passwords, I wouldn’t be storing all your bank details on your phone just yet.