The iPhone 5s has only just made it to market and people are already questioning the security of the flagship new phone’s fingerprint sensor, Touch ID.
According to the Chaos Computer Club, the new sensor can be bypassed using the well-established ‘fake finger’ method – something that they say can be completed using materials found in “almost every household”. The group aimed to rebut claims in the media that Touch ID was much more secure than previous implementations of fingerprint technology.
The method is outlined on their website and sounds awfully complex to me:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
The CCC also put together a short video to show off the method:
While this is by no means solid proof that Touch ID is insecure, it does at least show that it is open to being bypassed if the right method is followed with the right materials (as well as access to the phone itself).
Personally, I feel that Touch ID was never pitched as foolproof. I think that it is simply an added security measure that will be useful for most everyday people, some of which would not even set a passcode as it delays them entering their device.
Apple have not invented fingerprint scanning but they have made it delightful to set up and use with Touch ID, and that will increase the security of iPhones in general.
Coupled with Apple’s Find My iPhone app and its ability to wipe the iPhone remotely, hacking into someone’s iPhone and extracting their personal data is now increasingly difficult and it would be hard for the company to do much more than what they are already doing.