Germany’s Chaos Computer Club is claiming victory in a contest to see who’d be the first to hack Apple’s Touch ID fingerprint scanning system. The system provides an extra layer of security for Apple’s new iPhone 5S and 5C.
A crowdfunded bounty was offered for the first party to hack the system. The bounty was collected via hashtagged tweets promising a collection of rewards that include money, bitcoins, booze, a patent application and even a “sex book.”
Contributions were aggregated on a web site, IsTouchIDHackedYet.com.
The proposed solution is straight out of a James Bond movie, but the process seems accessible to anyone with a good camera and a laser printer. The process is detailed here, and a recent blog post on the Club’s web site includes the TLDR explanation…
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Chaos Computer Club spokesman Frank Rieger offered the following statement warning against biometrics as an end-all-be-all approach to security. “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token,” Rieger said. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.”
A previously reported $10,000 reward offered by IOCapital has apparently been pulled.
The Club posted the following video showing their process in action.
Have a crowdfunding offering you'd like to share? Submit an offering for consideration using our Submit a Tip form and we may share it on our site!