German hackers claim to have breached the Apple iPhone 5S’s fingerprint security.
In a post on its website, German group Chaos Computer Club (CCC) describes how members of its biometric hacking team were apparently able to take a photo of someone’s fingerprint left on a glass surface then use it to create a fake fingerprint, which was then used to unlock the phone. CCC also linked to a video demonstrating how the iPhone 5S can be hacked.
Apple introduced fingerprint-based unlocking technology to its iPhone 5S with the aim of making the device more secure by linking accessing data to the users’ own fingerprint.
The idea was that because some users apparently regard inputting a password as too time-consuming, fingerprint-swipe technology would encourage more iPhone users to secure their mobile phones.
The apparent breach of the device’s security – so soon after it has been released – will concern organisations that may have been considering using the iPhone 5S as a secure business tool.
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake,” hacker “Starbug” wrote in a blog post, adding that fingerprint technology is inherently insecure.
“As we have said now for many years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,” he added.
CCC has been operating since 1981 and describes itself as one of the “most influential organisations dealing with security and privacy aspects of technology in the German-speaking world,” and has upwards of 3,600 members.
“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token,” said CCC spokesperson Frank Rieger.
“The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access,” he added.
CCC’s iPhone 5S security breach comes days after a crowdsourced cash prize of over $13,000 was offered to the first hacker to crack the new smartphone.
The status of istouchidhackedyet.com now stands as “maybe” and if CCC’s video is accepted as evidence, the group will win the reward.