Germany’s Chaos Computer Club has apparently broken through the security on Apple’s Touch ID system. Touch ID was introduced along with the iPhone 5s as a means to secure and unlock your phone through the use of a fingerprint sensor. Apple calls it a “convenient and highly secure way to access your phone,” but that first part might now be put into more question.
The CCC’s method for bypassing the Touch ID system involves a high resolution copy of the original fingerprint:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
One of the hackers responsible says that the method is very easy, but many that read the entire process might disagree. If the claims of the group are indeed completely true, then it would mean that Apple’s fingerprint sensor is vulnerable to a conventional method of spoofing fingerprints, albeit at a higher fidelity.
However, Touch ID will most likely be enough to deter the average thief on the street, unless you somehow run into a super spy or villain that for some reason needed your phone.