Apple touts the fingerprint sensor on the iPhone 5S as “convenient and highly secure” but it seems they will soon have to shorten that description to simply “convenient”, after the venerable German Chaos Computer Club has proven that the sensor can be hacked with something as simple as wood glue, a laser printer and a 5 megapixel camera.
The full procedure is:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
The CCC notes:
Apple had released the new iPhone with a fingerprint sensor that was supposedly much more secure than previous fingerprint technology. A lot of bogus speculation about the marvels of the new technology and how hard to defeat it supposedly is had dominated the international technology press for days.
"In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
While a device with a fingerprint scanner is certainly more secure than one without, the hack shows the fingerprint scanner has not made the device any more secure than one with simple a passcode, a fact to bear in mind next time an iPhone fan lists it as a reason to buy one.
Via the Verge.com