The iPhone 5s’s Touch ID fingerprint scanner isn’t quite as secure as Apple’s breathless hype would have you believe, it has emerged, after a coterie of hackers found a way around the security technology within hours of the handset going on sale.
Emerging from the shadows of the internet (doubtless wearing V For Vendetta masks, Lulzsec tees and capes), the Chaos Computer Club (CCC) managed to unlock an iPhone 5s with a fake finger. Or rather, a rubbery print thereof.
CCC cooked up the finger by taking a photo of the fingerprint from a glass surface using a 2,400 dots per inch camera.
The group then took the image, gave it a scrub and printed it with plenty of ink. To complete the scam, they took pink latex milk and used it to coat the ‘relief image’ of the fingerprint.
Once dry, they took the resulting latex print and breathed on it to give the illusion of warm-blooded humanity.
Pressed against the Touch ID fingerprint scanner, the handset unlocked in a trice, ready to give up its owner’s secrets and all kinds of sensitive information.
Of course, how realistic it is to expect anyone to go the trouble to do all this to unlock a phone is a moot point.
Despite the fact that CCC claims that it used “easy everyday means” to expedite the unlocking of the handset, that’s more than a little disingenuous. It’s actually a pretty involved operation and requires a fair bit of specialist knowledge.
Even so, it’s a little bit shaming for Apple that the breach emerged so quickly. And that it should affect what’s sure to be touted as the iPhone 5s’s killer software feature in ads.
Frank Rieger, CCC spokesperson, said: “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.
“The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”
Apple has yet to acknowledge the story. But keep ‘em peeled and we’ll let you know if that changes.