Chaos Computer Club Bypasses Apple’s Touch ID

Not even a week has passed since Apple launched the new iPhone 5S, and hackers claim to have already bypassed the fingerprint recognition, which was basically this smartphone’s major selling point.

What’s the most ironic thing about all this? The German hackers who go by the name Chaos Computer Club on the Internet used a technique that they documented back in 2004. In other words, a decade-old method was employed for breaking Apple’s latest and greatest tech in less than 48 hours after the iPhone 5S’ launch. CCC have long criticized biometrics-based authentication, and now that they managed to crack the iPhone 5S’ Touch ID, the world should understand why.

As pointed out on SOPHOS’ Naked Security blog, there are a few things wrong with hiding your private data behind nothing more than a fingerprint. Yes, it is convenient to use, since you don’t have to spend an additional second each time you unlock your iPhone (unless you’re really slow, case in which it would take you longer), but your fingerprints are not exactly secret, as you leave them on all sorts of surfaces from home to work and in numerous other places. As if that wasn’t enough, many authorities, employers and banks may have access to your fingerprints until the end of time, provided that you live in one of the countries that adopted such security measures after 9/11.

Secondly, typical passwords can be changed, while fingerprints cannot. See the flaw in that? After a breach, you might as well throw away your phone, in case you don’t know how to hack it. Thirdly, fingerprint sensor tech is not that difficult to trick. Not at last, such biometric authentication should solely be used for providing access to the bodies of extraterrestrials… or something like that.

That being said, CCC managed to break Apple’s Touch ID by taking a hi-res picture of the fingerprint and digitally inverting it so that the ridges are black. The next step is to laser-print the image using a thick toner setting. Place latex on top of the print and leave it like that for a while. Peel the latex sheet with great care and breathe on it so that it becomes conductive and moist. Place the sheet above the authentication sensor and have fun with the unlocked phone. What’s next, Apple, what’s next?

The most terrifying part about Apple’s Touch ID is that the new iPhone 5S can be locked with your nipples. I don’t even want to know what other body parts could be used for locking this phone “securely.”

If you liked this post, please check the first reports that iPhone 5S was in production and the low-end iPhone without Retina that people predicted would be launch in late 2013.