German hackers expose weakness in program.
Just days after the release of the iPhone 5S, a group of hackers has claimed that they already broke through the phone’s Touch ID fingerprint scanner. The Chaos Computer Club (CCC), based out of Berlin, announced the successful hack of the reader on the group’s website last Sunday.
In their announcement, the CCC claimed that a hacker by the name of ‘Starbug’ has successfully broken Apple’s new security authentication system by using laser printing to fake fingerprints. This was done using a program he developed back in 2004. He only had to make some adjustments to the design, according to the CCC.
“In reality, Apple’s sensor has just a higher resolution compared to the sensor so far. So we only needed to ramp up the resolution of our fake,” Starbug said on the website. “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers off lifted prints.”
When the iPhone 5S and its fingerprint scanner was announced, a website sprang up called “Is Touch ID hacked yet?”, which offered cash and other gifts to the first hacker that could successfully crack the scanner and provide proof. By the following Saturday, the prize pot (which anyone could donate to via Twiter), has already passed $25,000. In order for the prize to be won, the hack had to be “as simple as lifting a fingerprint from a beer glass.”
Starbug detailed the process on his website. The process involves photographing the fingerprint, which is then printed on a transparent sheet. The group has also posted a YouTube video that shows someone unlocking the phone using the fake laser-printed fingerprint.
However, this should not be a surprise that the phone has already been hacked. But do not get the wrong idea—this is not an easy task for the average person to pull off, as getting a 2400 dpi image of someone’s fingerprint is a difficult process. Whether or not the CCC wins or loses, iPhone 5S owners shouldn’t panic, as biometric scanners such as Apple’s have the potential to eliminate the traditional password from a person’s daily life and replace it with something simpler, stronger, and more secure. This promise is what inspired the competition. By testing for vulnerabilities and then repairing them, biometrics can really begin to take over.