AI-Enabled Samsung Galaxy Z Series with Innovative Foldable Form Factor & Significantly Improved Screen Delivers New User Experiences Across Productivity, Communication & Creativity The…
Hackers claim to bypass iPhone 5S fingerprint scanner with ‘fake finger’
The process is quite simple — making one of the iPhone 5S’ most innovative features defunct. All you need is a bit of powder (or graphite dust), a high-res scanner or camera, a laser printer and wood glue. That’s according to Chaos Computer Club (CCC) who outlines the whole step-by-step process right here. The German hacker group claims to have found a way to unlock Apple’s latest fingerprint Touch ID scanner security system using simple day-to-day tools.
Referring to the Touch ID security system, Apple senior vice-president of hardware engineering Dan Riccio said a few weeks ago that “the sensor uses advanced capacitive touch to take, in essence, a high-resolution image of your fingerprint.” He further noted that all fingerprint information is encrypted, and stored inside a secure enclave.
The Wall Street Journal noted that while the information remains on the iPhone’s CPU, the encrypted fingerprint data is then almost irreversible by an engineer or hacker.
While Apple claims the Touch ID security system is hard to hack, the iPhone 5s’ Touch ID is only a higher-resolution version of existing sensors. Thus a high-resolution image is merely required to break into someone’s iPhone.
“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates — again — that fingerprint biometrics is unsuitable as access control method and should be avoided.”
One of the CCC hackers further said that “fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
CCC spokesperson Frank Rieger said: “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token.”