AfterDawn: Tech news

Apple's Touch ID broken by hacker group?

Written by James Delahunty (Google+) @ 22 Sep 2013 18:52 User comments (3)

Apple's Touch ID broken by hacker group? The Chaos Computer Club has claimed that its "biometrics hacking team" has broken Apple's Touch ID, just days after the release of the iPhone 5s.
Apple has touted the security of its fingerprint scanner system that can be used to unlock an iPhone 5s and for iTunes purchases. It said that the system cannot be beaten as easily as some other fingerprint scanners, which have found to be particularly weak.

In fact, Apple even discounted the possibility that a severed finger could be used.

Enter the Chaos Computer Club, a group many of you will have heard of before. It now claims that just days after the iPhone 5s release, it can already spoof Apple's Touch ID "using easy everyday means."

"A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID," CCC claims.

"This demonstrates again that fingerprint biometrics is unsuitable as access control method and should be avoided."

A hacker with the nickname Starbug claimed all the group had to do was ramp up the resolution of its fake. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

The group has posted a video which allegedly shows the spoof working.



More information: Chaos Computer Club.

Previous Next  

3 user comments

122.9.2013 21:04

Meh, I'm not surprised. I think probably 99% of 5S owners are safe from this ever happening to them though.

I doubt many will really use this feature anyways once winter comes along. Not worth sacrificing gloves over lol


*\\\****//\\\***//\\\*****
**\\\**//**\\\*//**\\\*******
***\\\//****\\\ ****\\\****

223.9.2013 13:49

Err I gotta say if anyone wants my info that bad they can have it or could have gotten it by other means. I am not an Apple fan nor would I ever own an iPhone. I am just saying going to all that work to get the average person's info? Prob not worth it...A fake finger? REALLY? LOL... So maybe not ironclad protection but good enough for your average user and certainly better than that password they are using variations of on 20 or 30 sites across the internet.


Just my $0.02,

dEwMe

327.9.2013 19:31

But wasnt it suppose to be an uber secure sub dermal biometric device.. the hack suggests it not at all.

Comments have been disabled for this article.

News archive