iPhone 5s fingerprint sensor 'hacked' within days of launch

A group of German hackers has found a way to bypass Apple's TouchID, and claims that fingerprint biometrics is an unsuitable method of access control.

The group, known as the Chaos Computer Club (CCC), demonstrated that a fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.

The print was first photographed with 2400 dots per inch (dpi) resolution. The resulting image was then cleaned up, inverted and laser printed with 1200 dpi onto a transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue was smeared into the pattern created by the toner on the transparent sheet.

After it had set, the thin latex print was lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market, according to the CCC.

The CCC said in a blog post that although Apple claims its fingerprint sensor is much more secure than previous fingerprint technologies, it simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson for the CCC.

"The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

Commenting on the news, security expert Graham Cluley reiterated the CCC's claims that fingerprints are not secrets, and can easily be picked up and copied by others.

"Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect," he said.

Apple did not respond to a request for comment on the hack.

This is the third security flaw discovered since the phone and its iOS 7 software were released last week. First, Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands found a security vulnerability in iOS 7 that allows anyone to bypass its lockscreen in seconds to access photos, email, Twitter and more.

Then Karam Daoud, a 27-year old Palestinian living in the West Bank city of Ramallah, demonstrated that he was able to make a call to any number from a locked iPhone running iOS 7 by exploiting a vulnerability in its emergency calling function. Both vulnerabilities were first reported by Forbes.

Notably, no one has yet managed to extract a fingerprint rendering from the iPhone itself, where Apple says it is held on a secure chip. The CCC's method relies on capturing a high-quality fingerprint elsewhere, and having access to the phone.

Speaking to BusinessWeek just after the iPhone 5S was unveiled, Craig Federighi, Apple's head of software, said that Apple's focus had been on making sure that fingerprints could not be extracted from the phone.

"No matter if you took ownership of the whole device and ran whatever code you wanted on the main processor, [you]could not get that fingerprint out of there. Literally, the physical lines of communication in and out of the chip would not permit that ever to escape," he said.

For more http://www.telegraph.co.uk/technology/apple/iphone/10327635/iPhone-5s-fingerprint-sensor-hacked-within-days-of-launch.html

Comments   

 
0 #2 oneplus 2017-07-09 22:54
Some ρeople will dsicover the screen just a
little dim bսt adjustment with the brightness can easily be done.
Ƭhe modifications manufaϲtured in producing this version of the i -
Phone have surеly meant that the compaгisons Ьetween Appⅼe and аlso the competition, and also the accompanying spec sheеts have become more mеaningless with each pаssing
generаtion. HTC includes a гeputation for buiⅼding
superb quality Smartphones that are pаcked with technoⅼogy.


Look into my web blog oneplus: http://www.marmellate.us/index.php/component/k2/itemlist/user/119137
Quote
 
 
0 #1 earpeace 2017-07-09 19:25
Thiѕ may be just a little behind some of the fаster top еnd phones available but nonetheless
аmpⅼe for any device similar to this then when you actսal loаd
a title for the X7 there is abѕolutely no noticeable lag when playing and games load in a short time indeeⅾ.
Chаnces are, they're "Googling" restaurants inside their area to determine where they would
like to select lunch. HTC caгries a historу of Ьuіlding
superb quality Smartρhones ԝhich can be ρacked with technology.


Here is my weƄpage - еarpeace: http://en.omegatechnology.gr/UserProfile/tabid/61/userId/257906/Default.aspx
Quote
 

Add comment


Security code
Refresh

Additional information

A Solsolis Venture Other initiatives are