Chaos Computer Club beats Apple’s Touch ID

While the solution may have been obvious to those who watch a lot of spy movies like Mission Impossible and 007, once again we’re being shown that no security measure is perfect. In their latest exploit, the Chaos Computer Club has managed to bypass Apple’s new touch ID fingerprint security sensor on the latest iPhone 5 using a generally well-proven technique.

The technique is, of course, relatively complex and not likely to be done by your average street thief – who’s probably just going to wipe the phone without looking at contents anyway. The self-described “white hat” hacking group demonstrated the bypass in a video. It goes something like this:

  • Get the enrolled user’s fingerprint as a photograph of at least 2400 dpi resolution.
  • Clean the image with photo manipulation software and invert it.
  • Print it on a laser printer with a 1200 dpi or higher resolution onto a transparent overhead sheet with a thick toner setting.
  • Use pink latex milk or white wood glue smeared over the pattern and cured to make it “tacky.”
  • After breathing on it to moisten the sheet, place it over the sensor on the phone.
  • The phone will unlock.

As the club points out, this same process has been used to defeat many of the consumer-grade fingerprint sensors on the market. It’s not exactly groundbreaking, nor is it easily do-able by most thieves and would-be phone hackers.

It does, however, illustrate that no system is safe. The up side? At least now those spies who want to steal your smartphone data won’t have to cut off your finger to do it. That’s a bonus.

Leave a Comment