The iPhone 5s has been available for only three days and already a group has found a way to bypass the smartphone's Touch ID fingerprint-based authentication system. The group concocted an elaborate system to replicate a fingerprint that's associated with a particular iPhone 5s, and the hack requires physical access to the device.
Apple's Touch ID technology was bypassed only three days after the iPhone 5s was launched
Touch ID is a new feature built into the iPhone 5s's Home button that allows the smartphone to scan your fingerprint instead of requiring a passcode to access apps and data. According to Apple, the system is more secure than fingerprint reader systems from other companies -- a point that the Chaos Computer Club claims is false.
The group started by scanning the fingerprint associated with an iPhone at high resolution, and then printing it out for transfer to another material such as latex. Once the material holding the print, complete with ridges and grooves, had finished setting, the group placed it over someone else's finger and used it to successfully unlock the iPhone.
The Chaos Computer Club said, "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake."
They added that it's a simple process to lift fingerprints and then convert those into fakes that can be used to bypass security systems. "You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," they said.
While the process CCC showed was fairly straightforward, it isn't exactly a simple process for the average person. It involves successfully collecting a quality fingerprint, scanning it at 2400 DPI or higher, cleaning up the scanned image, and then printing it to an acetate sheet on a laser printer before applying the material that will ultimately hold the fake print.
Assuming someone steals your iPhone with the intent of hacking around Touch ID, it's actually much easier to simply make you unlock your iPhone instead of duplicating your finger or thumb's unique patterns. Find My iPhone can also be used to remotely wipe the device and keep anyone from hacking into your personal information.
The bigger problem in this case is that someone else has physical control over your iPhone. When that happens it's much easier to find ways to hack in -- especially since at that point the potential hackers have time on their hands.
Even still, the CCC's Touch ID demonstration does show that Apple's Touch ID technology may not be quite as secure as the company implied.
Working around fingerprint security systems is something that people have been doing for years, and Apple doesn't force iPhone 5s owners to use Touch ID. It's a convenient alternative to using a four-digit passcode, and is still more difficult to work around.
For me, Touch ID is a wonderful convenience. It only took me about an hour before I was completely hooked. There may be some security concerns about fingerprint scanning technology, but I'm sticking with it -- and I'm not telling which finger I'm using.