For most Apple’s Touch ID is more a convenient way of accessing your iPhone without the need for entering a password, a password system that had issues at times. now Chaos Computer Club – a Germany-based group of computer hackers – claims to have fooled Apple’s Touch ID fingerprint technology
It’s important here to know the difference between a HACK and a SPOOF. A hack implies getting hacking the system implies it was working fine but someone had to alter the software / hardware to make it work for a different purpose or in a different way. This hasn’t been done.
Anyone who’s watched any Mission Impossible films will know what a spoof is on a fingerprint reader. You know when an agent lifts a fingerprint from a wine glass, prints it out and makes it their own, well that’s pretty much what Chaos computer club have achieved.
Semantics aside, finger print lifting was always an inherent issue with any fingerprint based technologies
A YouTube video demonstrating the trick is entitled “hacking iphone 5S touchID” (and is being reported by some organizations similarly) it is in point of fact not a hack. But we’ll get to that in a moment.
In a blog post describing the procedure, Chaos Computer Club says:
A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
The Chaos Computer Club explains how the process to produce the fingerprint was made. It involves photographing a fingerprint at 2400 dot per inch resolution.
The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.
To its credit, Chaos Computer Club isn’t calling the spoof a hack, but that isn’t stopping it from being widely misreported, thanks in part to the sloppy title on the YouTube video. But what is the point of accuracy when there are page views to be had?