Chaos Computer Club breaks Apple TouchID

Found on Chaos Compuer Club on Sunday, 22 September 2013

A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.

First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.

Maybe the introduction of fingerprinting isn't so much about securing your data, but for tracking. Something like next-generation cookies; just with the difference that you can't delete those.

Browse all articles« Previous « » Next »