Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,096
38,845



The Chaos Computer Club claims to be able to bypass Apple's new Touch ID fingerprint sensor with a photo of the original user's fingerprint. The bypass is demonstrated in this short video:

The system is detailed in a how to which requires obtaining the original user's fingerprint:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Click to expand...
Apple's new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor -- though that is arguably even less secure than duplicating someone's fingerprint.

Article Link: Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
 
Article Link
https://www.macrumors.com/2013/09/22/chaos-computer-club-bypasses-apples-touch-id-system/
Oh dear! At least they won't be ripping my fingers off any time soon.
arn said:
which is in itself ridiculous.
Click to expand...
Of course it's ridiculous, maybe that wasn't apparent in what I said.
 
Last edited:
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
 
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.

This just in, every single passcode system bypassed by first acquiring user's passcode.
 
Eddy Munn said:
Oh dear! At least they won't be ripping my fingers off any time soon.
Click to expand...

which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn
 
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
Click to expand...

So it's that simple... :rolleyes:
 
Huh? Haven't we known this is a way around these sensors?

I have a way to bypass a password too...Look at the post-it of a users passwords and copy them down. Then type it into the iPhone to bypass the login.

</sarcasm>
 
Still more secure than a 4-digit passcode...also, maybe this is new information...but NO security protocol is flawless, there is always room for improvement.

I mean come on! The device is activation locked, fingerprint locked, and in a secure app environment...I don't see how people can say that Apple devices aren't the most secure consumer-level smartphones.
 
Wait, did they lift the print off the phone or actually photograph the guys finger? If it is a photograph then this means nothing...
 
So as long as one has access to the actual finger and whatever the heck can take pics at 2400dpi, one can make a "working copy" of it. Seems easier to beat the **** out of someone for the 4-digit passcode.

It's still pretty damn secure no matter what anyone says. The fact that the code is still a measly 4 digits is the weakest link of all.
 
How is a 2400 DPI photograph of someones fingerprint an everyday item? I'm sorry but this is click bait pure and simple. :rolleyes:
 
So basically, you need a few thousand dollars, knowledge, and time to break into the device. Yes, this seems like a real threat for 99.5% of people :rolleyes:

Unless you can place someone else's thumb and get through, TouchID works. Apple designed this for consumers, not to protect the countries nuclear facilities
 
syan48306 said:
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
Click to expand...

Well said. No security is perfect. Touch ID will still be a strong protection against most intruders.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back