14 DAY TRIAL // A group called Chaos Computer Club (CCC) has used a 2400 dpi resolution camera to photograph a fingerprint and then place the copied print onto the iPhone 5s Touch ID sensor to successfully unlock it.
Or so we’re led to believe by their short YouTube video (embedded below), which has been making some waves this past Sunday.
The biometrics hacking team claims to have successfully bypassed the security of Apple's Touch ID sensor using a photographed fingerprint of the phone’s original user.
The CCC believes Apple’s Touch ID isn’t a suitable security measure for the iPhone, claiming that “A lot of bogus speculation about the marvels of the new technology and how hard to defeat it supposedly is had dominated the international technology press for days.”
CCC says Apple's fingerprint sensor actually just has a higher resolution, compared to other sensors on the market, “so we only needed to ramp up the resolution of our fake,” said hacker Starbug, who performed the experiments that led to the successful circumvention of Touch ID.
“As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,” Starbug said.
The CCC members explain on their site how they managed to create the fake fingerprint. While the technicalities involved certainly sound like hackery, the YouTube video they posted failed to convince the masses.
The footage would have been more convincing had they just used something other than another finger to press the “fake print” against the sensor. After all, Touch ID can remember up to five different prints for a single user.
Nevertheless, the CCC says, “iPhone users should avoid protecting sensitive data with their precious biometric fingerprint […] because it can be easily faked,” though it remains to be seen if other security experts can replicate their tests.
“Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands,” the CCC adds.
