Security of iPhone 5S fingerprint sensor called into question

As excitement builds over the release of the new iPhone 5S, a group of German hackers claim to have infiltrated one of the handset's security features – a fingerprint sensor.

The software, known as Touch ID, was successfully compromised by the Chaos Computer Club (CCC) just two days after the handset was released.

The group explained how they photographed the fingerprint of the phone user on a glass surface, which was enough to create a fake finger that could unlock the system.

Starbug, the pseudonym of the hacker who carried out the experiments, explained that fingerprint technology was never going to be as secure as Apple had hoped.

They noted: "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake.

"As we have said now for years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

Materials used by the CCC were commonly found in almost every household, further emphasising just how easy it was to circumvent the system's security.

The fingerprint was photographed with a 2400 dpi resolution – once cleaned up, it was inverted and laser printed with 1200 dpi resolution onto a transparent sheet with a thick toner setting.

Pink latex milk or white wood glue was then smeared into the pattern that had been created. The result was lifted, breathed on to make it moist and then placed on the sensor.

Apple may now be required to undertake further penetration testing to establish just how secure its latest range of handsets really is.

The CCC hopes that its experiments "put to rest" the illusions that many people have over the security of fingerprint biometrics.
