Fingerprint authentication, a biometric security feature highlighted in the recently released iPhone 5S smart phone, is not secure and should be avoided as a device access method, according to the Germany-based Chaos Computer Club.
The group claimed in a blog post that its members were able to bypass the authentication system. They also released a video showing how a latex copy of an iPhone 5S owner's fingerprint can be made and used to fool the biometrics-based authentication system on the smart phone.
“Apple had released a new iPhone with a fingerprint sensor that was supposedly much more secure than previous fingerprint technology,” a hacker nicknamed Starbug said. “In reality, Apple’s sensor has just a higher resolution compared to the sensors thus far. So we only needed to ramp up the resolution of our fake (fingerprint).”
The method used by the hackers is in fact a tried and true trick which has been featured in many heist movies and TV shows. The video provided step-by-step instructions on how to gather mostly household materials to carry out the hack.
The hack involved:
- Photographing the phone owner’s fingerprint at 1200 dpi
- Cleaning up the image and printing it inverted at 1200 dpi onto a transparent sheet. A thick toner setting should be used
- Pink latex milk or white wood glue is smeared onto the pattern created by the toner on the sheet
- The latex layer is lifted from the sheet, breathed on to make it moist and placed on the iPhone’s fingerprint sensor to unlock the phone
The process may be a bit involved. However, it illustrates how fingerprints can be copied as people tend to leave them on almost everything they touch.
“We hope that this finally puts to rest the illusions people have about fingerprint biometrics,” said Frank Rieger, spokesperson for CCC. “It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.”