Shortly after the iPhone 5s began shipping, Europe’s largest association of hackers, known as the “Chaos Computer Club” found a way of fooling the fingerprint reader and gaining access to an iPhone, bypassing Apple’s so-called biometric security shield. Here’s a link to their page describing the process, but it is incredibly simple.
- Enrol your finger on an iPhone.
- Photograph the finger with 2400dpi resolution.
- Enhance, invert, and laser print on a transparency sheet (1200dpi).
- Put white wood glue on the pattern created by the toner on the transparency.
- Let it set until the latex fingerprint can be lifted from the transparency.
A more accurate fingerprint can be made using a photo-sensitive PCB material after step 3 (also described on their blog). What’s the moral of the story? Using fingerprint recognition for security doesn’t work too well. But the concept of spoofing isn’t so new. In 2002, Japanese cryptographer and mathematician Tsutomu Matsumoto showed how fake fingerprints could be made using the same material used to make Gummi bears. His experiments fooled fingerprint readers more than 67% of the time. A brief synopsis of fingerprint spoofing can be found here. Gelatin, plasticine, PVC glue… they all seem to work.
Don’t rely on fingerprint recognition to protect anything (that includes door locks with fingerprint access). Think fingerprint scanners that sense a pulse, or moisture in skin are any better? Think again, they too can be spoofed. Eye retinas might be better, or better still DNA. Let’ s see Apple stuff a DNA scanner onto the iPhone 6.