Apple’s TouchID Can be Broken with a Little Patience and the Right Tools
Posted on September 23, 2013 9:00 AM by Rob Williams
Mere days after Apple’s latest and greatest iPhone became available for public consumption, a team called Chaos Computer Club managed to break the device’s fingerprint security. Dubbed TouchID by Apple, this fingerprint scanner improves upon the old formula by scanning your finger at a higher-than-usual resolution so that it’s harder to trick. Well, when the scanner has a resolution increase, it makes sense to believe that a faux fingerprint could be printed at a higher resolution – fighting fire with fire, so to speak.
As the CCC team discovered, things really are quite that easy. To emulate the fingerprint, one must be scanned at 2400 DPI and printed to 1200 DPI onto a transparent sheet. Then, material such as latex or glue is applied to the fingerprint and then lifted off. If all goes well, the transfer can be placed onto the iPhone’s fingerprint reader to be granted access.
Clearly, this kind of “hack” isn’t for the faint of heart. It requires a lot of effort, and you’d really be wanting to gain access to the phone to go through such effort. However, what’s important to glean from all this is that fingerprint security simply isn’t bulletproof, and it shouldn’t be treated as though it is. Admittedly, however, it’s probably more secure than a 4-digit pin, since that can be bypassed with nothing other than time. Not everyone has the ability to scan a fingerprint so easily, much less print it to a high DPI transparent sheet.
Still, it’s rather impressive that it took virtually no time at all for TouchID’s vulnerabilities to be exposed.