Hackers May Have Already Gotten Past the iPhone 5’s Fingerprint Sensor

By

The iPhone 5S's Touch ID feature, which allows users to unlock the device with a fingerprint scanner, sounds cool — or annoying, depending on whom you ask — but is it any more secure than an old-fashioned passcode? Maybe, but some Berlin-based hackers are claiming to have already outsmarted the technology, just two days after it was made available to the public. A video posted to the website of the Chaos Computer Club seems to show someone registering their fingerprint with a new iPhone and then unlocking it with a piece of latex placed over that same finger.

In the accompanying announcement, the hackers explained that they took a high-resolution photo of a glass surface bearing the owner's fingerprint, cleaned up the image, and laser printed it onto a "transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, [and] breathed on to make it a tiny bit moist," like a real, clammy finger.

According to the CCC, this method has been successfully used to foil "the vast majority of fingerprint sensors on the market." While Apple's sensor does read at a higher resolution than other sensors, that just means that the hackers had to "ramp up the resolution of our fake." Robert David Graham, whose website Is Touch ID Hacked Yet? is offering at least $20,000 in cash, bitcoin, and other prizes to whoever breaks into the 5S first, told Forbes's Andy Greenberg that he is "communicating with CCC...to confirm that their trick works." But, according to Greenberg, the CCC "has a reputation as one of the oldest and most well-respected group of hackers and security researchers in the world," which means it's "likely a legitimate hack." If true, it is a little embarrassing for Apple, but we're pretty sure it won't affect 5S sales, if only because the thing is available in gold.