Chaos Computer Club hack Touch ID

The team of biometric hackers Chaos Computer Club (CCC) has successfully bypassed the Apple Touch ID's biometric protection mechanism using available tools. To unlock the iPhone 5S enough fingerprint of the owner, left on a smooth glass surface. This example again shows the inconsistency of access control methods based on fingerprint reading.

Recall that recently Apple released a new version of the iPhone with a fingerprint reader. It was also stated that the new technology is more reliable, and there were rumors in the press about the wonders of the "new" technology and about the improbability of breaking such protection.
')
(Victory is recorded here - http://istouchidhackedyet.com - approx. Translator).

“In fact, the Apple sensor stands out among the rest only in high resolution. That is, it is enough for us to improve the quality of our fake ” - explains the hacker with the nickname Starbug, he conducted the main experiments, during which he successfully bypassed the defense. “We’ve been trying to report for years that fingerprints should not be used for security. You leave them everywhere and recreate the original finger on his fingerprint just like two fingers on the asphalt . ”



The new method follows the standard procedure of forging fingerprints, using only household materials. First, the print is photographed with a minimum resolution of 2400dpi. The resulting image is slightly cleaned in Photoshop, inverted and printed on a laser printer with a minimum resolution of 1200dpi on top of a transparent sheet ( such sheets are sold in any self-respecting photo material store - note. Translator ). You need to set up the printer in a special way so that the printed layer has a perceptible thickness. Then the resulting pattern is smeared with wood glue. After the installation dries, the wood glue film is torn off, slightly moistened with breath from the mouth and then placed on the fingerprint reader. This method, possibly with small variations, has been tested for most fingerprint readers on the market.

“We hope that we will forever dispel the illusions of ordinary people regarding biometric protection. It’s trite and stupid to use what you cannot change as a cryptographic key, but leave working copies every hour and everywhere, ” says Frank Rieger , spokesman for CCC. “Society should not remain fools forever because of the false claims of the biometric industry. Biometrics as a technology was created for oppression and control, and not to ensure the security of access to personal devices . " Biometric fingerprint passports are used in many countries, despite the fact that this in no way contributes to increased security.

IPhone users should avoid protecting sensitive personal information with fingerprints, not only because this method is unreliable. You can simply be forced to unlock the phone using brute physical force, for example - during the arrest. Making you give a password (we hope it is certainly long) is much harder, and can go beyond jurisdiction. And unnoticed and easy to hold the phone on your hands in handcuffs - is permissible under any circumstances.

Many thanks to the Heise Security team for providing the iPhone 5S. More details are available at http://istouchidhackedyet.com .