Well, that didn't take long. Apple's fingerprint-based TouchID system has been hacked just days after the iPhone 5S's release. The Chaos Computer Club is behind the exploit, which is described on the group's blog.
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
This process has apparently been used to defeat numerous fingerprint sensors. The hackers had to increase the resolution to trick TouchID, but they otherwise used a method detailed way back in 2004. As the author of those instructions points out, fingerprints make lousy passwords. "You leave them everywhere," he says, "and it is far too easy to make fake fingers out of lifted prints."
Having seen the folks at Mythbusters fool fingerprint sensors years ago, I figured it was only a matter of time before Apple's implementation was exposed. I'm a little surprised it only took a few days and a slight modification to an existing method, though. Surely, Apple had to be aware that its system was susceptible to attack.
Faking fingerprints still takes a bit of work, and you do need to lift the originals, so it will be interesting to see if TouchID users feel vulnerable enough to go back to passcodes. One-touch unlocking may be too convenient for some to give up. Thanks to TechEye for the tip.
|1. BIF - $340||2. chasp_0 - $251||3. mbutrovich - $250|
|4. Ryu Connor - $250||5. YetAnotherGeek2 - $200||6. aeassa - $175|
|7. End User - $150||8. Captain Ned - $100||9. Anonymous Gerbil - $100|
|10. Bill Door - $100|
|Thermaltake View 27 case offers a birds-eye view of builds||23|
|National Dog Day Shortbread||1|
|Corsair backlit keyboard lineup gets new Lux models||6|
|Nixxes turns out another Deus Ex: Mankind Divided patch||16|
|Upcoming Samsung CF791 is a high-contrast FreeSync ultrawide||24|
|Deals of the week: an unlocked Skylake CPU for cheap and more||17|
|PCIe 4.0 won't actually deliver 300 watts from the slot||54|
|iOS 9.3.5 fixes serious zero-day vulnerabilities||11|
|Intel 600P Series SSDs bring NVMe into the M.2 mainstream||39|
|Stupid physics getting in the way of all our fun.||+31|