German Hackers Crack iPhone’s New Fingerprint Scanner

Just a few days after Apple unveiled its new iPhone with a fingerprint ID scanner, German researchers say they’ve cracked the scanner using a fake rubber print.

The researchers, with the Chaos Computer Club, posted a video on their website showing members of the group’s biometric team defeating Apple’s Touch ID with a fabricated fingerprint created from a photo of a print.

They photographed the print from a glass surface, laser-printed the fingerprint image on a transparency sheet, then smeared it with latex. A similar method was used in 2002 by researchers in Japan to demonstrate the security weaknesses of fingerprint scanners using a gel fingerprint.

“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token,” Frank Rieger, spokesperson for the CCC, said on the group’s website.

“The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”

They explained their process here:

The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enrolled user is photographed with 2,400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1,200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

Apple added the Touch ID technology to its iPhone 5S in order to allow users to authenticate themselves to their phones to unlock the devices and to make purchases through iTunes by placing their finger on the device’s home button. A laser-cut sapphire crystal and a stainless steel detection ring are the top layers of the home button.

Apple said during its unveiling of the technology last week that the system scans the sub-epidermal layers of the finger to take the reading.

It’s hard to square Apple’s statement with the German researchers demonstration, which showed that a mere photo of a latent print from the skin’s top layer was sufficient to trick the technology.

Source: Wired

Leave a Reply

You must be logged in to post a comment.