Apple Inc. recently launched the iPhone 5S, the modified version of its flagship smartphone, the iPhone 5. One of the modifications that were made to the device included the introduction of a fingerprint scanner for security purposes instead of the usual PIN. However, according to Chaos Computer Club of Germany, they have managed to crack the protection of iPhone 5S fingerprint scanner only two days after the device officially went on sale. The group made a post to their website where they mentioned that a fingerprint of a user had been taken by their biometric team and photographed it from a glass surface.
Then a fake fingerprint was created that could be used on a real finger by putting it on a thin film and then using it to unlock the phone. A video was also shown to back up this claim and it will no doubt create concerns for businesses. This is because a number of users may have been planning to operate their corporate accounts with the phone. While physical access to the phone and a clean fingerprint is required for hacking the device, it still means that the risk of security breach is quite high. The blog post writer of the Chaos Club stated that this was proof that fingerprint biometrics is not a suitable method of access control.
He added that the only difference between Apple’s sensor and others in the market was a higher resolution. The resolution of the fake fingerprint had to be increased and the device can be opened. He asserted that the club had been insisting for years that using of fingerprints was not a secure method because fingerprints can also be lifted by people. Nonetheless, it wasn’t claimed by the group that they had accessed the fingerprint from the device itself. According to Apple, a secure chip is used for securing the fingerprint in the device.
A security specialist stated that relying on a fingerprint was acceptable in terms of casual security, but protection of sensitive data with it wasn’t advised or safe. No comment was made by Apple Inc. regarding the hack of the German club. This is the third revelation that has come to light since the last week launch of the iPhone and the iOS 7 software. First, it was discovered by a hacker that they could use a flaw in the Control Centre feature of iOS 7 for accessing emails and photos on the iPhone 4S and iPhone 5. Another discovered that a call to any number could be placed with the Emergency Call Screen.
The method of the fingerprint hack was revealed by the Chaos Club in detail. It showed that a high quality fingerprint was lifted from a glossy surface or glass doorknob and graphite powder is used for revealing it. Then a laser print is used for printing the fingerprint onto an overhead projector plastic. The fingerprint is then cut after covering with wood glue and then attached to the real finger. This touch ID system of Apple is could create issues with the new device for security conscious users.