Slashdot Mirror


CCC Says Apple iPhone 5S TouchID Broken

hypnosec writes with word that the Chaos Computer Club claims to have "managed to break Apple's TouchID using everyday material and methods available on the web. Explaining their method on their website, the CCC hackers have claimed that all they did was photograph a fingerprint from a glass surface, ramped up the resolution of the photographed fingerprint, inverted and printed it using thick toner settings, smeared pink latex milk or white woodglue onto the pattern, lifted the latex sheet, moistened it a little and then placed it on the iPhone 5S's fingerprint sensor to unlock the phone." Update: 09/22 21:32 GMT by T :Reader mask.of.sanity adds a link to a video of the hack.

2 of 481 comments (clear)

  1. Re:If true by BasilBrush · · Score: -1, Redundant

    Congratulations for using the word "if". TFA does include a video, but it doesn't prove the hack. The demonstrator shows the training of his index finger, then uses his second finger, covered with a bit of what looks like latex to unlock the phone.

    Yet you can train the iPhone 5S to use multiple fingers, so we don't know that he hadn't previously trained the phone with this second finger/latex combo previously.

    The 5S Touch ID sensor uses capacitative imaging, which means it's taking biometrics from below the skins surface, so it's highly unlikely the claimed procedure would work. But the obvious hoax method I describe probably would.

    So we should await confirmation one way or the other.

  2. Re:Am I missing something? by BasilBrush · · Score: -1, Redundant

    Yes, Apple has been confirmed lying due to a gelatin finger being able to program the TouchID sensor to begin with. No blood vessels, well below the temperature of a human body, and certainly no pulse.

    Either you don't understand the concept that "capacitative" doesn't deal with what's on the surface, or you missed the fact that there was a real living finger behind that thin film of gelatin or latex or whatever it was.

    I'm not terribly surprised that you can program the scanner with a latex of latex on your finger, then get it to verify that same finger.

    The trick in the video, if it is a hoax, is that more than one finger can be trained.