Phone Scoop

printed April 1, 2015
See this page online at:

Home  ›  Phones  ›


Info & Phones News Forums  

Back to message list

Old Tricks Help German Hackers Bypass iPhone 5s Touch ID Security

by TracyMiller    Sep 26, 2013, 12:43 AM

Apple's Touch ID authentication system can be defeated using a well-honed technique for creating a latex copy of someone's fingerprint, according to a German hacking group.

The Chaos Computer Club (CCC), which hosts an annual hacking conference and publishes computer security research, wrote on its blog that their experiment shows that fingerprint authentication "should be avoided."

Apple introduced Touch ID with its latest high-end iPhone 5S on Sept. 10. A person's "fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike," according to the company's website.

A hacker who goes by the name Starbug found that while Touch ID scans at a higher resolution, it can be beaten by increasing the resolution of the victim's fingerprint.

The CCC posted a video of what it wrote is a successful attack. Faking the print involves photographing the victim's fingerprint at 2400 DPI. The image is inverted and laser printed at 1200 DPI onto a transparent sheet using a "thick toner setting," according to the CCC.

Pink latex milk or white wood glue is smeared into the pattern created the toner. After it cures, a sliver of latex is lifted from the sheet, and blowing on it gives a bit of moisture like that on a human finger. It then can be placed on the iPhone's fingerprint sensor, the CCC wrote.

The technique is not new. "This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market," the CCC wrote. Apple officials did not have an immediate comment on the CCC's findings.

Security experts have long warned that fingerprint authentication should not be solely relied upon, but rather used in concert with other technologies. Photos of fingerprints and molds have successfully bypassed fingerprint checks.

Touch ID is intended to reduce the number of times a person must enter a passcode, but Apple still requires a passcode in some circumstances, such as restarting the phone and if the devices hasn't been unlocked in two days.

Changes to the fingerprint settings also require a passcode, which can be configured to be longer and more complex than four digits.

Quoted from d-tricks-help-german-hackers-bypass-iphone-5s -touch-id-security.html.

Report to moderator


Reply You must log in to reply.

Back to message list

‹ all manufacturer forums

Subscribe to Phone Scoop News with RSS Follow @phonescoop on Twitter Phone Scoop on Facebook Phone Scoop on Google+ Subscribe to Phone Scoop on YouTube Follow on Instagram


All content Copyright 2001-2015 Phone Factor, LLC. All Rights Reserved.
Content on this site may not be copied or republished without formal permission.