Apple iPhone 5S Touch ID has been hacked with a fingerprint photocopy
A video has appeared online showing an iPhone 5S being fooled by a photograph of a fingerprint. The Touch ID scanner, which remembers your finger at a 550 ppi resolution, adds another layer of security to your PIN - but that layer appears to be fairly thin.
Chaos Computer Club demonstrates, in the below video, that a high-resolution photograph of a fingerprint can be used to unlock an iPhone 5S. Presuming you know the PIN, of course. And despite its claim that any household tools can replicate this you will need a 2400 dpi photo and a laser printer that can churn out 1200 dpi resolution prints on to a transparent sheet. Check out the video of what can only be described as the most nervous shaky hand on YouTube.
The group was rewarded with a $10,000 prize for being the first to crack the Touch ID scanner after an online crowd-funded prize was created. But while they have proved it possible there's a big difference between doing it at home willingly and actually lifting high-resolution copies of a person's prints.
The actual method involves a 2400 dpi photograph of the fingerprint - presumably this can be lifted by dusting for a print and using a film to remove it. Then the image is cleaned up, inverted and laser printed at 1200 dpi on to a transparent sheet. Then a pink latex milk or white wood glue layer is smeared, left to dry, and removed. Pop this on your finger and you're set to unlock. Well, unlock the first layer of security at least, before being asked for the PIN.
So what can we take away from this? The Touch ID scanner can be hacked without messing with the software. But it's not that straightforward. It still adds another layer of security to a PIN code. Using the Touch ID alone might not be that secure but, realistically, it would take a lot of effort to access an iPhone 5S. And for what? Another PIN code request for your banking app? Your shopping list?
If you own, or will own, an iPhone 5S enjoy the extra security of Touch ID with a PIN code. And if you're really paranoid, don't store sensitive materials on your mobile.