iPhone 5s Fingerprint Scanner Cracked, Claim German Hackers
Seemingly on cue, a group claims to have hacked the fingerprint scanning security technology featured prominently by Apple’s new iPhone 5s. The device has only been on the market for a few days, so the surprising part of this news isn’t so much that it’s happened, but the speed with which it’s happened.
According to an article in The Telegraph, the crack comes courtesy of German hacking group Chaos Computer Club, or CCC. The article says that they took a high-resolution, 2400 DPI photograph of the iPhone 5s user’s fingerprint, inverted and digitally cleaned up the image, and then laser printed it at 1200 DPI on a transparency sheet. After a few low-tech tweaks involving smearing the printed image with “pink latex milk or white woodglue,” the image was breathed on to get it slightly moistened, and then placed on the sensor to unlock the phone.
The CCC’s Frank Rieger released a statement on what it did, and what it means for users wowed by the fingerprint scanning technology:
“We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token.”
The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”
This echoes the claims made last week by a German government security official, John Caspar, who’s quoted again in The Telegraph article:
“Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect.”
And that, of course, is the rub. Caspar and CCC are absolutely right: using a fingerprint, voice command, or other supposedly secure biometric to safeguard sensitive or important data is crazy if you’re in charge of international banks or if you’re a potential target of Robert Redford and Sydney Portier’s team of computer hackers:
But the important point that the CCC and Caspar ignore is that while relatively easy to pull off, the fingerprint spoofing that the CCC pulled off isn’t likely to be targeted against everyday iPhone users. For the most part, you’re still probably safe to use a fingerprint scanner on your phone to buy a few new Daft Punk tracks from iTunes. You shouldn’t be too worried about whether or not the creepy dude sitting next to you at the library is pulling your fingerprints when you get up to use the bathroom.
At the same time, it’s also important to note that this is a workaround pulled off within one week of the iPhone 5s hitting stores. That means that other, more elegant ways of duplicating fingerprints may be worked out before too long. In the end, never doubt the ingenuity of those who wouldn’t mind ripping you off. There’s no such thing as truly “secure.”