Monday, September 23, 2013
We never expected someone to hack the iPhone 5S fingerprint scanner... just kidding.
A group of hackers in Germany says it has found a way to bypass the fingerprint-sensor security system on the new iPhone 5S.
The hackers claim they fooled the Touch ID biometric security of the iPhone 5S by photographing a fingerprint left on a glass surface and using the resulting image to create a fake "finger" which unlocked the phone. They demonstrated their exploits in a video posted Sunday to YouTube.
"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token," said Frank Rieger, a spokesman for the group, the Chaos Computer Club, in a post online.
In the post, the hackers said they snapped a high-resolution photo of a fingerprint, inverted it and laser-printed it with extra toner onto a transparent sheet. Then they smeared pink latex milk or white wood glue into the fingerprint pattern, lifted a thin latex sheet from it and placed it onto the sensor to unlock the phone.
"As we have said now for ... years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," said a hacker, who goes by the nickname Starbug, on the Chaos Computer Club's site.
The group may be rewarded for its efforts. A website has offered a bounty of cash and other prizes for the first person or group to successfully hack the Touch ID system on the phone.
The site, IsTouchIDHackedYet, was created by Nick DePetrillo, an independent computer security researcher known for demonstrating hacks of smartphones, and Robert David Graham, owner of Errata Security, a cybersecurity firm. It invites donors to contribute to the bounty, which so far includes an assortment of cash, bitcoins (a form of digital currency), several bottles of booze and "a dirty sex book."
The total cash bounty topped $16,000 at one point, although one donor has since reneged on a promised $10,000 donation, according to the site.