Hackers claim to have bypassed iPhone 5s' Touch ID fingerprint authentication system
Hackers out of Germany have already found a workaround to the iPhone 5s' Touch ID system. Using a dummy fingerprint obtained from a real fingerprint, the hacker Starbug was able to unlock a phone in a hack that an outside group is certifying. Claiming fingerprint biometrics were never secure in the first place, the hackers say it was a simple matter to get access.
The Chaos Computer Club used a technique that relies on obtaining a real, physical fingerprint for the phone’s user. The print is dusted, photographed, and laser printed onto overhead transparency. Crazy Glue is applied over the copy to create a membrane which acts as the dummy fingerprint. The club argues that Apple’s improvements to the technology only involved a higher resolution of scanning, and thus, the only change to the hack was to photograph and print a higher resolution image.
While it’s important to note that the storage of the numerical fingerprint data itself is not known to be hackable and the information is not shared beyond the phone, one of the selling points of Touch ID is that it can be used to make purchases and unlock a phone that hasn't been rebooted. Additionally, fingerprints can be obtained from any hard smooth surface, such as the iPhone itself, creating a situation where the lock is bundled with its very own key, though this scenario was not attempted in the club’s hack.
The website Is Touch ID Hacked Yet? documented and will certify the legitimacy of the hack.
In as statement on the website, the club makes it clear that their issue is with the industry’s increasing reliance on biometric technology which they find to be unsafe and unwise.
Starbug's video documenting the initial setup of the iPhone’s Touch ID and the subsequent hacking can be seen here.