STRATEGIC PARTNERS
September 23, 2013
Just two days after the new iPhone 5S dropped in stores, a group of German hackers representing the Chaos Computing Club claimed to have hacked the phone's fingerprint scanner. The CCC is one of the world's largest and most highly respected hacker organizations.
Reuters reported that "two prominent iPhone security experts" believed the CCC's claims. The club's webite posted a video that appears to demonstrate the fingerprint hack:
A blog accompanying the video explained how the hack was carried out:
The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enroled [sic] user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue [sic] is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market ...
This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
Apple did not respond to a request from Reuters for a comment about the hack, the news service said.
Somewhat ironically, a CU Times article on the same day as the Reuters report said that "[J]ust maybe Apple’s vote for fingerprints is the game changer" that would set the standard for secure identification in the financial industry.
In the article, financial tech expert Jim Marous said he had surveyed others in his field and concensus was that the Apple technology "would be the tipping point for fingerprints."
Read more about security.
