Apple’s TouchID Can be Broken with a Little Patience and the Right Tools

Posted on September 23, 2013 9:00 AM by Rob Williams

Mere days after Apple’s latest and greatest iPhone became available for public consumption, a team called Chaos Computer Club managed to break the device’s fingerprint security. Dubbed TouchID by Apple, this fingerprint scanner improves upon the old formula by scanning your finger at a higher-than-usual resolution so that it’s harder to trick. Well, when the scanner has a resolution increase, it makes sense to believe that a faux fingerprint could be printed at a higher resolution – fighting fire with fire, so to speak.

Apple iPhone 5s TouchID

As the CCC team discovered, things really are that easy. To emulate a fingerprint, it must be scanned at 2400 DPI and printed at 1200 DPI onto a transparent sheet. Then, a material such as latex or glue is applied to the printed fingerprint and lifted off. If all goes well, the transfer can be placed onto the iPhone’s fingerprint reader to be granted access.

Clearly, this kind of “hack” isn’t for the faint of heart. It requires a lot of effort, and you’d really have to want access to the phone to go through with it. However, what’s important to glean from all this is that fingerprint security simply isn’t bulletproof, and it shouldn’t be treated as though it is. Admittedly, it’s probably more secure than a 4-digit PIN, since that can be bypassed with nothing other than time. Not everyone has the ability to scan a fingerprint so easily, much less print it to a high-DPI transparent sheet.

Still, it’s rather impressive that it took virtually no time at all for TouchID’s vulnerabilities to be exposed.

  • e550mercedes

    Many people not only noticed that it took a lot of effort, but the person who hacked the phone did so by first inputting and then copying his own fingerprint. As noted by others, once the phone is powered down, or put on hold for 40 minutes or so, you’ll also need your passcode to get in. The hacker didn’t power down the phone, so some are saying this is fishy. Not saying it isn’t legit, but until Apple comments on this I’m not too sure I’ll buy it for now.

  • Bilal Khan

    Yummy Yummy apple!

