Germany’s Chaos Computing Club claims to have tricked Apple’s new TouchID security feature this weekend. In a blog post on the breakthrough, the CCC writes that they bypassed the fingerprint-reader by simply starting with “the fingerprint of the phone user photographed from a glass surface.” The entire process is documented by hacker Starbug in the video above, and the club outlines it in a how-to.

For this particular initiative, the CCC started by photographing a fingerprint with 2400 dpi. Next the image was inverted and laser printed at 1200 dpi. To create the fingerprint mask Starbug finally used, latex milk was poured into the pattern, eventually lifted, breathed on (for moisture), and pushed onto the sensor to unlock the phone. In this sense, it’s hard to definitively state the hackers “broke” the TouchID precautions, because they did not circumvent the security measure without access to the fingerprint. (TouchID could similarly be cleared with a GTA V-like strategy of knocking the phone user unconscious and pressing finger-to-sensor.) However, the CCC did successfully trick TouchID into working as advertised for an individual who wasn’t the phone user.

The CCC, and Starbug in particular, are well-known critics of biometric security systems. Back in 2008, Starbug even cloned the fingerprint of a German politician who advocated for collecting citizens’ unique physical characteristics as a means of preventing terrorism.     

Leave a Reply