Chaos Computer Club Hackers Crack Apple's Fingerprint Scanner

Apple recently launched the latest top-end model of its wildly successful iPhone, the 5S, to much fanfare. But a German hacker organization has thrown a wrench in the works by bypassing the smartphone's much-heralded fingerprint scanner just two days after launch.

The fingerprint scanner on the iPhone 5S is built into the home button.

The fingerprint scanner on the iPhone 5S is built into the home button.

It is supposed to represent a major step forward in mobile phone security by replacing the password. But the fingerprint sensor on Apple's new iPhone 5S has already been compromised just two days after it went on sale. The German hacker organization Chaos Computer Club (CCC) says it has successfully bypassed the biometric security system, called TouchID, using "easy everyday means."

TouchID works by allowing you to unlock your phone by scanning your fingerprint rather than inputting a password or code. To bypass it, the hackers used an iPhone 5S programmed with a fingerprint, and then took a high-resolution picture of the print from a separate glass surface before transferring it onto a transparent film which, after being breathed on to make it slightly moist, could be used to gain access to the device.

By doing so, the CCC said in a blog post, it wanted to demonstrate how fingerprint biometrics is "unsuitable as [an] access control method and should be avoided."

Such fingerprint technology has been around for a while -- it was included as a feature on the Motorola Atrix smartphone, launched in 2011 -- but TouchID has been reported as a significant step forward. That assertion is categorically denied by the CCC, with a hacker known as Starbug, who was responsible for bypassing the fingerprint security, saying: "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake."

'Plain Stupid'

CCC spokesman Frank Rieger, meanwhile, said the organization hoped the demonstration would change the way people viewed fingerprint biometrics. "It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token," he said, referring to fingerprints.

If the hack was confirmed -- with the CCC publishing a video and how-to guide on its blog -- it would represent a blow to Apple as the tech giant battles to maintain its grip on the smartphone market. The seventh-generation iPhone 5S was unveiled earlier this month at the same time as the cheaper and more basic iPhone 5C, which does not have TouchID. The two models went on sale last Friday with Apple seeking to boost its market share against its rival platform, Android, which is used by many other device manufacturers such as Samsung and HTC.

According to market researcher IDC, nearly 80 percent of the world's smartphones -- and nearly two thirds of its tablets -- are run on Android.

In an interview with Bloomberg Businessweek, Jony Ive, Apple's head of design, said of the fingerprint scanner: "There are so many problems that had to be solved to enable one big idea."

He can add the Chaos Computer Club to that list of problems.


Related Topics

Discuss this issue with other readers!
3 total posts
Show all comments
Page 1
axymal 09/23/2013
Hmm. So when my iPhone is stolen, the thief will find on a flat and clean glass surface a perfect copy of the one of ten possible fingerprints I used for the phone, transfer it to tape, and then use it to unlock my phone? The likelihood that this hacking succeeds is less than that the thief sees me punching in my four digit PIN-code - if I lock the phone at all... I've seen these fingerprint-"hacking" articles in several countries. Bashing Apple and its iPhone seems to be very popular. Come on journalists - get real!
dave.van.skiver 09/23/2013
2. better than nothing
Many people do not secure their phone with a password or pin, so if this gets more people to secure their phone then it is good security!
pwolf 09/24/2013
3. Classic Apple BS
As per usual Apple practice their corporate policy of insulting the IQ of their users. once again Apple takes a bit of technology that has been around for years, tweaks it a little and and then starts bleeting incessantly about how "revolutionary" it is and how Apple's genius engineers created a breakthrough, a revolution, instant happiness in a box etc etc.
Show all comments
Page 1

All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH

Die Homepage wurde aktualisiert. Jetzt aufrufen.
Hinweis nicht mehr anzeigen.