Chaos Computer Club: Hackers Crack Apple's Fingerprint Scanner
Apple recently launched the latest top-end model of its wildly successful iPhone, the 5S, to much fanfare. But a German hacker organization has thrown a wrench in the works by bypassing the smartphone's much-heralded fingerprint scanner just two days after launch.
It is supposed to represent a major step forward in mobile phone security by replacing the password. But the fingerprint sensor on Apple's new iPhone 5S has already been compromised just two days after it went on sale. The German hacker organization Chaos Computer Club (CCC) says it has successfully bypassed the biometric security system, called TouchID, using "easy everyday means."
TouchID works by allowing you to unlock your phone by scanning your fingerprint rather than inputting a password or code. To bypass it, the hackers used an iPhone 5S programmed with a fingerprint, and then took a high-resolution picture of the print from a separate glass surface before transferring it onto a transparent film which, after being breathed on to make it slightly moist, could be used to gain access to the device.
By doing so, the CCC said in a blog post, it wanted to demonstrate how fingerprint biometrics is "unsuitable as [an] access control method and should be avoided."
Such fingerprint technology has been around for a while -- it was included as a feature on the Motorola Atrix smartphone, launched in 2011 -- but TouchID has been reported as a significant step forward. That assertion is categorically denied by the CCC, with a hacker known as Starbug, who was responsible for bypassing the fingerprint security, saying: "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake."
CCC spokesman Frank Rieger, meanwhile, said the organization hoped the demonstration would change the way people viewed fingerprint biometrics. "It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token," he said, referring to fingerprints.
If the hack was confirmed -- with the CCC publishing a video and how-to guide on its blog -- it would represent a blow to Apple as the tech giant battles to maintain its grip on the smartphone market. The seventh-generation iPhone 5S was unveiled earlier this month at the same time as the cheaper and more basic iPhone 5C, which does not have TouchID. The two models went on sale last Friday with Apple seeking to boost its market share against its rival platform, Android, which is used by many other device manufacturers such as Samsung and HTC.
According to market researcher IDC, nearly 80 percent of the world's smartphones -- and nearly two thirds of its tablets -- are run on Android.
In an interview with Bloomberg Businessweek, Jony Ive, Apple's head of design, said of the fingerprint scanner: "There are so many problems that had to be solved to enable one big idea."
He can add the Chaos Computer Club to that list of problems.
© SPIEGEL ONLINE 2013
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH