Chaos Computer Club hack Touch ID

Original author: frank
  • Transfer

The team of biometric hackers Chaos Computer Club (CCC) has successfully circumvented Apple Touch ID's biometric protection mechanism using improvised tools. To unlock the iPhone 5S, the owner’s fingerprint left on a smooth glass surface was enough. This example once again shows the inconsistency of fingerprint-based access control methods.

Recall that recently Apple released a new version of the iPhone with a fingerprint reader. It was also stated that the new technology was more reliable, and there were rumors in the press about the wonders of the "new" technology and the unbelievability of breaking into such protection.

(victory is recorded here - - approx. translator).

“In fact, the Apple sensor stands out among the rest only in high resolution. That is, it’s enough for us to improve the quality of our fakes, ” explains the hacker with the nickname Starbug. He conducted the main experiments during which he successfully circumvented the defense. “We have been trying for several years to convey that fingerprints should not be used to ensure security. “You leave them everywhere and recreate the original finger according to its fingerprint, just like two fingers on the asphalt . ”

The new method follows the standard fingerprint forgery procedure , using only household materials. Firstly, the print is photographed with a minimum resolution of 2400dpi. The resulting image is cleaned a little in Photoshop, inverted and printed on a laser printer with a minimum resolution of 1200dpi over a transparent sheet ( such sheets are sold in any self-respecting photo store - translator's note) ) You need to configure the printer in a special way so that the printed layer has a tangible thickness. Then the resulting pattern is smeared with carpentry glue. After the installation has dried, the film of wood glue is peeled off, slightly moistened by breathing from the mouth and then placed on the fingerprint reader. This method, possibly with slight variations, has been tested for most fingerprint readers on the market.

“We hope that we will dispel forever the illusions of ordinary people regarding biometric protection. It's trivial and stupid to use as a cryptographic key what you cannot change, but leave working copies every hour and everywhere, ” says Frank Rieger , spokeswoman for CCC. “Society should not be stupid forever because of false statements by the biometric industry. Biometrics as a technology was created to oppress and control, and not to ensure the security of access to personal devices . ” Fingerprint biometric passports are used in many countries, despite the fact that this in no way contributes to increased security.

IPhone users should avoid protecting sensitive personal information with fingerprints, not only because this method is unreliable. You can simply be forced to unlock the phone using brute force, for example, during an arrest. Заставлять вас выдать пароль (надеемся, он несомненно длинный ) значительно труднее, и может выходить за рамки юрисдикции. And imperceptibly and unconstrainedly handcuffing your phone in your hands is permissible under any circumstances.

Many thanks to the Heise Security team for the iPhone 5S. More details are available at .

Only registered users can participate in the survey. Please come in.

Your attitude to Touch ID

  • 13.0% I was going to use and I will 330
  • 54.4% I did not intend and I will not 1384
  • 5.6% Going, but now changed his mind 142
  • 27.0% Yes, who needs me 687