Has Apple’s (NASDAQ:AAPL) iPhone 5S fingerprint scanner already been hacked? A team of hackers in Germany called the Chaos Computer Club claim that they have successfully circumvented Apple’s biometric authentication system “using easy everyday means” and have posted a video that purports to demonstrate the hack.
The hacker group explained their method for bypassing the Touch ID on their blog. First they took a high-resolution photograph of an authorized user’s fingerprint. After the image was cleaned up and inverted, it was printed on a transparent sheet with heavy toner.
Next, the printed image was covered with “pink latex milk or white wood glue.” After the material cured, the hackers moistened the latex sheet with their breath and placed it on the Touch ID fingerprint scanner. The group noted that, “This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.”
“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token,” stated Chaos Computer Club spokesperson Frank Rieger. As reported earlier by CNET, independent security researcher Nick DePetrillo and Errata Security’s Robert David Graham recently created the IsTouchIDhackedyet website in order to promote a reward for the first person who is able to successfully hack Apple’s Touch ID fingerprint scanner. However, it is unclear if the Chaos Computer Club will be able to claim the Touch ID hack bounty that is currently valued at about $16,000.
Although the Chaos Computer Club has uploaded a video that shows the iPhone 5S being unlocked with a latex sheet, the video does not document the entire process. In order to claim the bounty, hackers must show a “video of the process from print, lift, reproduction, and successful unlock with reproduced print,” stated DePetrillo via Twitter. At the time of this writing, the IsTouchIDhackedyet website noted that it is still, “Awaiting video showing them lifting a print (like from a beer mug) and using it to unlock the phone. If so, they’ll win.”
Apple’s Touch ID authentication system is a key security feature of its new iPhone 5S. If security researchers are able to prove that the fingerprint scanner is vulnerable to forged fingerprints, it could diminish the appeal of Apple’s latest flagship smartphone.
Follow Nathanael on Twitter (@ArnoldEtan_WSCS)