Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,522
30,804



The Chaos Computer Club claims to be able to bypass Apple's new Touch ID fingerprint sensor with a photo of the original user's fingerprint. The bypass is demonstrated in this short video:

The system is detailed in a how to which requires obtaining the original user's fingerprint:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Click to expand...
Apple's new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor -- though that is arguably even less secure than duplicating someone's fingerprint.

Article Link: Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
 
Article Link
https://www.macrumors.com/2013/09/22/chaos-computer-club-bypasses-apples-touch-id-system/
Eddy Munn

Eddy Munn

macrumors 6502
Dec 27, 2008
377
758
Oh dear! At least they won't be ripping my fingers off any time soon.
arn said:
which is in itself ridiculous.
Click to expand...
Of course it's ridiculous, maybe that wasn't apparent in what I said.
 
Last edited:
SuprUsrStan

SuprUsrStan

macrumors 6502a
Apr 15, 2010
715
1,015
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
 
F

flash84x

macrumors regular
Aug 5, 2011
189
132
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.

This just in, every single passcode system bypassed by first acquiring user's passcode.
 
arn

arn

macrumors god
Staff member
Apr 9, 2001
16,363
5,795
Eddy Munn said:
Oh dear! At least they won't be ripping my fingers off any time soon.
Click to expand...

which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn
 
T

the411

macrumors newbie
Sep 21, 2012
19
0
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
Click to expand...

So it's that simple... :rolleyes:
 
I

iSpud

macrumors member
Jan 16, 2004
92
0
Minnesota
Huh? Haven't we known this is a way around these sensors?

I have a way to bypass a password too...Look at the post-it of a users passwords and copy them down. Then type it into the iPhone to bypass the login.

</sarcasm>
 
somethingelsefl

somethingelsefl

macrumors 6502
Dec 22, 2008
461
204
Tampa, FL
Still more secure than a 4-digit passcode...also, maybe this is new information...but NO security protocol is flawless, there is always room for improvement.

I mean come on! The device is activation locked, fingerprint locked, and in a secure app environment...I don't see how people can say that Apple devices aren't the most secure consumer-level smartphones.
 
goobot

goobot

macrumors 603
Jun 26, 2009
6,484
4,375
long island NY
Wait, did they lift the print off the phone or actually photograph the guys finger? If it is a photograph then this means nothing...
 
Eriamjh1138@DAN

Eriamjh1138@DAN

macrumors 6502a
Sep 16, 2007
849
826
BFE, MI
So as long as one has access to the actual finger and whatever the heck can take pics at 2400dpi, one can make a "working copy" of it. Seems easier to beat the **** out of someone for the 4-digit passcode.

It's still pretty damn secure no matter what anyone says. The fact that the code is still a measly 4 digits is the weakest link of all.
 
Rogifan

Rogifan

macrumors Penryn
Nov 14, 2011
24,134
31,180
How is a 2400 DPI photograph of someones fingerprint an everyday item? I'm sorry but this is click bait pure and simple. :rolleyes:
 
illegalprelude

illegalprelude

macrumors 68000
Mar 10, 2005
1,583
120
Los Angeles, California
So basically, you need a few thousand dollars, knowledge, and time to break into the device. Yes, this seems like a real threat for 99.5% of people :rolleyes:

Unless you can place someone else's thumb and get through, TouchID works. Apple designed this for consumers, not to protect the countries nuclear facilities
 
QCassidy352

QCassidy352

macrumors G5
Mar 20, 2003
12,028
6,036
Bay Area
syan48306 said:
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
Click to expand...

Well said. No security is perfect. Touch ID will still be a strong protection against most intruders.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom