iPhone 5s fingerprint reader hacked!

Shortly after the iPhone 5s began shipping, Europe’s largest association of hackers, known as the “Chaos Computer Club”, found a way of fooling the fingerprint reader and gaining access to an iPhone, bypassing Apple’s so-called biometric security shield. Here’s a link to their page describing the process, which is incredibly simple.

  1. Enrol your finger on an iPhone.
  2. Photograph the finger with 2400dpi resolution.
  3. Enhance, invert, and laser print on a transparency sheet (1200dpi).
  4. Put white wood glue on the pattern created by the toner on the transparency.
  5. Let it set until the latex fingerprint can be lifted from the transparency.

A more accurate fingerprint can be made using a photo-sensitive PCB material after step 3 (also described on their blog). What’s the moral of the story? Using fingerprint recognition for security doesn’t work too well. But the concept of spoofing isn’t so new. In 2002, Japanese cryptographer and mathematician Tsutomu Matsumoto showed how fake fingerprints could be made using the same material used to make Gummi bears. His experiments fooled fingerprint readers more than 67% of the time. A brief synopsis of fingerprint spoofing can be found here. Gelatin, plasticine, PVC glue… they all seem to work.

Don’t rely on fingerprint recognition to protect anything (that includes door locks with fingerprint access). Think fingerprint scanners that sense a pulse or moisture in the skin are any better? Think again: they too can be spoofed. Eye retinas might be better, or better still DNA. Let’s see Apple stuff a DNA scanner onto the iPhone 6.
