Monday, September 23, 2013

Touch ID fingerprint reader easily hacked on iPhone 5S


The Apple Touch ID security technology introduced by the iPhone 5S has been described by Apple and the media as a revolutionary secure alternative to the conventional PIN code. However, the Touch ID technology has already been hacked by the German Chaos Computer Club through only using a camera, printer and glue.

best hack bypass touch id fingerprint iPhone 5S
The Touch ID fingerprint security technology has been given a lot of attention by Apple and the press. In essence, it is nothing but a re-packaged and somewhat improved fingerprint reader that has been around for a long time. Already when it was launched, there has been serious fingerprint security and privacy concerns of Touch ID on iPhone 5S. The situation does not become very much better as a group of German hackers known as Chaos Computer Club has recently shown that creating a "fake" finger to bypass the Touch ID security is extremely easy using nothing but a camera, printer and glue.

According to Chaos Computer Club, the Touch ID technology differ very little from conventional fingerprint technologies, in essence much less than Apple makes its consumers to believe. The main difference is that the Touch ID sensor operates at a higher resolution as compared to conventional commercial fingerprint readers. Therefore, this meant that the fake fingerprint needed to be photographed at a resolutions of 2400 DPI. 



How to bypass the Touch ID fingerprint security easily

Chaos Computer Club has showed that provided a high-resolution picture of the fingerprint taken with the finger pressed against a glass surface, the Touch ID could then easily be bypassed. This was achieved by simply printing the fingerprint on a transparency and then covering the print with glue. After the glue had cured (hardened), it was carefully lifted off from the transparency. The fake fingerprint could then be used with any finger, by covering a real finger with it, to bypass the Touch ID screen lock.

According to the hackers, since bypassing Touch ID is so extremely simple and easy, no-one should really rely on Touch ID as a secure alternative to the PIN codes. The demonstrated technique certainly has some limitations inherent to the design of Touch ID. For example, Touch ID only works during a 48 h period counted from when the phone was last locked. In addition, Touch ID is only activated once the phone has been unlocked through PIN code at least once.

However, the purpose of showing the weakness in Touch ID should mainly be seen as an eye-opener. Once again, one should never embrace anything simply because one is told to do so. For the case of Apple products and solutions, both the media and the consumers have, for some reason, a tendency to have some sort of unconditional trust toward them which can lead to potentially and critically flawed security decisions.


No comments:

Post a Comment