The Chaos Computer Club - a Germany-based group of computer hackers - claims to have fooled Apple's Touch ID fingerprint technology, which makes its debut on the new iPhone 5s. While a YouTube video demonstrating the trick is entitled "hacking iphone 5S touchID" (and is being reported by some organizations similarly) it is in point of fact not a hack. But we'll get to that in a moment.
In a blog post describing the procedure, Chaos Computer Club says:
A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
The one minute video shows someone using their index finger to register Touch ID on a newly set-up iPhone 5s. Once the setup has been completed, they then apply a tape to their middle finger which, presumably, contains a transfer of the index fingerprint. That unlocks the phone.
The Chaos Computer Club explains how the process to produce the fingerprint was made. It involves photographing a fingerprint at 2400 dot per inch resolution.
The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
So this isn't a procedure that someone is likely to casually reproduce just for the sake of unlocking your phone. But Chaos Computer Club spokesman Frank Rieger says biometric security like Touch ID has more nefarious implications.
Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.
To its credit, Chaos Computer Club isn't calling the spoof a hack, but that isn't stopping it from being widely misreported, thanks in part to the sloppy title on the YouTube video. But what is the point of accuracy when there are page views to be had?
We may earn a commission for purchases using our links. Learn more.
NJ Supreme Court rules you can be forced to give up your phone’s passcode
In a 4-3 decision, the New Jersey Supreme Court ruled Monday that the Fifth Amendment did not protect this particular defendant.
Ooredoo ONE subscribers can now get an Apple TV 4K with their TV plan
Subscribers to Qatari TV company Ooredoo can get a free Apple TV 4K with their ONE plan right now.
EU says it is 'aware' of Facebook Gaming and Microsoft xCloud concerns
The European Commission has said it is "aware" of concerns over Apple's App Store rules regarding recent news over Microsoft's Project xCloud gaming service and Facebook Gaming.
Apple's Mac and MacBook collection all in one place
Apple's Mac laptop and desktop lineup is more versatile than you may realize.