iPhone 5s fingerprint sensor 'hacked' within days of launch

Flash

Lost in speed
iPhone 5s fingerprint sensor 'hacked' within days of launch - Telegraph


A group of German hackers has found a way to bypass Apple's TouchID, and claims that fingerprint biometrics is an unsuitable method of access control.

The group, known as the Chaos Computer Club (CCC), demonstrated that a fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.

The CCC said in a blog post that although Apple claims its fingerprint sensor is much more secure than previous fingerprint technologies, it simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson for the CCC.

"The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

Commenting on the news, security expert Graham Cluley reiterated the CCC's claims that fingerprints are not secrets, and can easily be picked up and copied by others.
"Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect," he said.
Apple did not respond to a request for comment on the hack.

This is the third security flaw discovered since the phone and its iOS 7 software were released last week.


  1. First, Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands found a security vulnerability in iOS 7 that allows anyone to bypass its lockscreen in seconds to access photos, email, Twitter and more.
  2. Then Karam Daoud, a 27-year old Palestinian living in the West Bank city of Ramallah, demonstrated that he was able to make a call to any number from a locked iPhone running iOS 7 by exploiting a vulnerability in its emergency calling function. Both vulnerabilities were first reported by Forbes.

Notably, no one has yet managed to extract a fingerprint rendering from the iPhone itself, where Apple says it is held on a secure chip. The CCC's method relies on capturing a high-quality fingerprint elsewhere, and having access to the phone.


Where there's a will, there's a way
- :mrgreen:
 
Top Bottom