Tuesday, July 29, 2014         

 Print   Email   Comment | View 6 Comments   Most Popular   Save   Post   Retweet

Hacking group claims it can break iPhone fingerprint lock

By Frank Jordans

Associated Press

LAST UPDATED: 01:11 p.m. HST, Sep 23, 2013

BERLIN >> The fingerprint-based security system used to unlock Apple's latest iPhone can be bypassed using a household printer and some wood glue, a German hacking group has claimed.

A spokesman for the Chaos Computer Club said the group managed to fool the biometric sensor in the iPhone 5S over the weekend by creating an artificial copy of a genuine fingerprint.

"It was surprisingly easy," Dirk Engling told The Associated Press in a telephone interview Monday, a day after the group announced the exploit on its website.

A member of the Chaos Computer Club going by the pseudonym Starbug took a high-resolution photograph of a fingerprint left on a glass surface, printed it onto a transparent sheet and smeared the pattern with liquid latex or wood glue. Once the glue set, it could be peeled off and placed on another finger to mimic the genuine print, said Engling.

"We used this method 10 years ago and didn't have to change much for the iPhone," he said. "The hardest bit was getting hold of one of those new iPhones because they are chronically sold out."

Engling said the Chaos Computer Club, which has a long history of finding security flaws in soft- and hardware, documented the procedure with several videos so independent experts could verify it.

David Emm, a senior security researcher at Kaspersky Labs, said the German group's claims exposed the flipside of biometric security systems designed to replace passwords or PIN numbers commonly used nowadays.

"If my passcode becomes compromised, I can simply replace it with a new one -- hopefully one that's more secure. But I can't change my fingerprint -- it's part of what I am and so I'm stuck with it," Emm said.

Engling suggested that Apple could have made its fingerprint system more secure, but that this might have caused problems for users if they didn't swipe their finger across the miniature scanner properly and thus got locked out of the device after repeated failed attempts.

"Apple had to strike a balance between security and user-friendliness," he said.

Apple didn't respond to repeated requests for comment.

 Print   Email   Comment | View 6 Comments   Most Popular   Save   Post   Retweet

You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
AhiPoke wrote:
Sick people. Anyway, locks are generally meant to keep honest people honest. Locks have rarely been effective stopping crooks.
on September 23,2013 | 01:50PM
CriticalReader wrote:
What took so long?
on September 23,2013 | 06:45PM
joshislost wrote:
yah just tell everyone how to do it.media is just as stupid
on September 23,2013 | 09:05PM
GooglyMoogly wrote:
This is a proven method to thwart fingerprint readers, so it's not unique to the iPhone. Most security experts agree this is NOT an acceptable form of authentication. You think it's a hassle changing a password? Try changing a fingerprint. You can only do it ten times.
on September 23,2013 | 10:13PM
BigOpu wrote:
I tell you what. I'll take my chances that the person who steals my phone won't have a good finger print of mine from a glass surface, a high resolution camera to print my fingerprint onto a clear sheet of paper, using liquid latex to lift a copy of my finger print. And if he/she does, I'd probably track it down with the gps that is still powered by find my iphone or have the contents wiped via icloud. Not too worried
on September 23,2013 | 10:27PM
localguy wrote:
Apple has a kickback deal with NSA, receiving $.25 for ever fingerprint they give them. You really didn't think this was a secure process did you?
on September 24,2013 | 05:31AM
Breaking News