FB pixel

Chaos Computer Club claims Touch ID fake fingerprint spoof

 

Well that was fast.

German hacker collective, Chaos Computer Club, has claimed that it has already spoofed the iPhone 5S’s Touch ID fingerprint sensor with a fake fingerprint, and it doesn’t seem to have taken much MacGyvering.

Specifically, a hacker by the name of Starbug from the group’s biometrics hacking team claimed responsibility for the attack, which is outlined in a couple of YouTube videos posted over the weekend. (video 1, video 2)

According to the group, the jack is performed with everyday items. “First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.”

Though the video seems pretty straightforward, the hack has yet to be officially confirmed.

“CCC is Europe’s largest hacker organization and it has a reputation to uphold,” David Meyers said in a Gigaom post this morning. “I sincerely doubt anyone’s pranking the world on this one.”

Apple has yet to issue a response, and if it does, this post will be updated to reflect it.

“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” Starbug says in a report on the collective’s website. “As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”

Reported previously, Apple’s new smartphone was released for sale in North America on Friday and a separate group of hackers began a crowdfunding campaign to raise a reward for the first person to confirm a Touch ID spoof attack from a lifted print.

The istouchidhackedyet campaign website acknowledges the attack but says that it is waiting for a video showing the print being lifted and then used to perform the device unlock before it declares the German collective the winner. More than $15,000 as well as bitcoins and other rewards have been promised to the successful hacker.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

5 Replies to “Chaos Computer Club claims Touch ID fake fingerprint spoof”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events