Just two days after the Apple iPhone 5S was released sporting built-in fingerprint sesnsor technology, a team of German hackers claim to have bypassed the Touch ID feature. The scanner hacking process involves tricking the device into detecting the owner's fingerprint made from a replica.
The hacker group based in Berlin, Chaos Computer Club, announced their successful hack on their website Sunday (Sept. 22). Specializing in biometrics hacking, the group noted that the fingerprint scanner hack on the iPhone 5S device was fairly easy.
A YouTube video of Chaos Computer Club hacker Starbug, demonstrates how a copied fingerprint was used to gain access to the locked iPhone 5S device. According to Chaos Computer Club’s fingerprint cloning how-to-guide, fingerprints can be lifted from objects, photocopied and produced using latex or wood glue.
"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token," spokesperson of the Chaos Computer Club, Frank Rieger said in a post on the Chaos Computer Club's website.
Arturas Rosenbacher, co-founder of I/O Capital Partners, launched a campaign in honor of the iPhone 5S release. Rosenbacher’s contest offered the first person to hack Apple’s Touch ID fingerprint technology a $10,000 reward. Security researchers, Nick de Petrillo along with Robert David Graham first launched their own hacking contest under the hashtag #istouchidhackedyet. To add to the original $100 bounty pot, a website istouchidhackedyet.com was set up for donations and supporters offered the winning hacker(s) cash, bitcoins and booze. According to de Petrillo’s tweet about the contest, the iPhone 5S Touch ID fingerprint scanner hack had be completed within 5 attempts.
The istouchidhackedyet.com contest’s website announced the Chaos Computer Club hackers as the winners Sunday and is awaiting video verification of the entire process of the Touch ID fingerprint scanner hack. Rosenbacher tweeted that his contest is not affiliated with istouchidhackedyet.com and that I/O Capital to will conduct it’s own winner verification process.
"As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," the German hacking team said.