The famous hacker group Chaos Computer Club has published a long post to say that they had succeeded to "hack" the Touch ID sensor of the iPhone 5s. The method is relatively simple and involves having a high definition copy of the footprint to counterfeit - photographed in 2400 DPI - , the resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting, before finally recreate the impression using a latex milk, lightly moistened before being applied to the sensor using an unregistered finger, and it works. A short video shows the exploit.
Even more interesting the CCC advantage of the opportunity to reaffirm once again that it is a very bad idea to use as a key to access an element that we leave everywhere, our fingerprints. "It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC.
The demonstration is convincing, although for counterfeit the footprint, some equipment and skill are needed. Having said that super hackers or other high-risk occupations, biometric security will probably show higher performance against theft, which is still the main risk to the ordinary people. Not to forget to mention, of course, that nearly half of the users do not protect their phone with a password, and that in this context ,the fingerprint is way much better than ... nothing.
