Tuesday, 24 September 2013

Hackers crack Apple iPhone 5S Touch ID fingerprint scanner

fingerprint-pa
A group of hackers called the Chaos Computer Club claim to have cracked the iPhone 5S fingerprint Touch ID tool. This could be a blow to businesses that may have seen the service as a major step forward in smartphone security.
The group said in a blog post that by taking a photograph of a fingerprint from a glass surface they were able to create a “fake finger” that could then unlock a Touch ID security-enabled iPhone 5S.
“The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's Touch ID using easy everyday means,” it said.
The hacker who led the experiments, called Starbug, said the hack proved the security on the device was not as impressive as some have claimed.
“A lot of bogus speculation about the marvels of the new technology and how hard to defeat it supposedly is had dominated the international technology press for days. In reality, Apple's sensor has just a higher resolution compared to the sensors so far," he said.
“So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
The group could be in line for a reward of around $15,000, with donations submitted to the website istouchidhackedyet.com to try and find a hack of the security tool.
So far the status of the hack is set as a ‘maybe’ on the website, with the group assessing the video posted by the Chaos Computer Club to verify it definitely works before handing out the reward.
Security researcher David Emm at Kaspersky, said that if the hack was successful it would prove the downfall inherent in the fingerprint scanner technology.
“If the CCC has indeed found an easy way to circumvent the Touch ID technology, then it would suggest that Apple's 'highly secure' implementation may not be secure enough,” he said.
“Because of the nature of fingerprints, you effectively leave your password everywhere you go, so unless a fingerprint reader is able to fully distinguish between a real finger and a fake one, a fingerprint scan is a poor substitute for a password.”
Demand for Apple’s new devices broke new records this weekend after the firm revealed selling nine million devices. It also said that 200 million devices have updated to the new iOS 7 operating system.

No comments:

Post a Comment