iPhone 5s fingerprint sensor 'hacked' within days of launch

[ayanavish]

A group of German hackers has found a way to bypass Apple's TouchID, and claims that fingerprint biometrics is an unsuitable method of access control.

The group, known as the Chaos Computer Club (CCC), demonstrated that a fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.

The print was first photographed with 2400 dots per inch (dpi) resolution. The resulting image was then cleaned up, inverted and laser printed with 1200 dpi onto a transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue was smeared into the pattern created by the toner on the transparent sheet.

After it had set, the thin latex print was lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market, according to the CCC.

Read more: http://www.telegraph.co.uk/technolo...rint-sensor-hacked-within-days-of-launch.html

 

[raksrules]

Cross posting from this thread...

I just have one thing to say in defense here, this breaking of touch id is not really a bypass. Real bypass is when you do not have any access to the user's finger or its print.
It's like you have a 4 digit PIN# setup for your ATM card and wrote it down and kept in your wallet and when you lose the wallet, someone took the card and read the number and used the card in an ATM.

 

[ayanavish]

^ It's more attributed to convenience factor than security

You check your iPhone dozens and dozens of times a day, probably more. Entering a passcode each time just slows you down. But you do it because making sure no one else has access to your iPhone is important. With iPhone 5s, getting into your phone is faster, easier and even a little futuristic. Introducing Touch ID — a new fingerprint identity sensor.

 

[vriship]

the group is claiming to have bypassed the touch ID feature but i don't agree with them.
Bypass would mean they were able to unlock the device without using the authentic fingerprint but they haven't done anything like that.
Using a copy/duplicate of the actual key to open the door and then claiming to have accessed the area without using the door(bypassing) isn't exactly hacking.

Hopeless group IMO

 

[sharktale1212]

It is a bypass. Don't you watch movies? They always "bypass" the biometric security by copying original owner's fingerprints "lifted" off a wine glass or something.

 

[vriship]

somebody needs to gift them a dictionary for achieving such a huge feat.