Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,581
13,207



The Chaos Computer Club claims to be able to bypass Apple's new Touch ID fingerprint sensor with a photo of the original user's fingerprint. The bypass is demonstrated in this short video:

The system is detailed in a how to which requires obtaining the original user's fingerprint:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Apple's new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor -- though that is arguably even less secure than duplicating someone's fingerprint.

Article Link: Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
 

Eddy Munn

macrumors 6502
Dec 27, 2008
317
334
Oh dear! At least they won't be ripping my fingers off any time soon.
which is in itself ridiculous.
Of course it's ridiculous, maybe that wasn't apparent in what I said.
 
Last edited:
Comment

SuprUsrStan

macrumors 6502a
Apr 15, 2010
703
918
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
 
Comment

flash84x

macrumors regular
Aug 5, 2011
189
132
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.

This just in, every single passcode system bypassed by first acquiring user's passcode.
 
Comment

arn

macrumors god
Staff member
Apr 9, 2001
15,650
4,461
Oh dear! At least they won't be ripping my fingers off any time soon.

which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn
 
Comment

the411

macrumors newbie
Sep 21, 2012
19
0
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.

So it's that simple... :rolleyes:
 
Comment

iSpud

macrumors member
Jan 16, 2004
92
0
Minnesota
Huh? Haven't we known this is a way around these sensors?

I have a way to bypass a password too...Look at the post-it of a users passwords and copy them down. Then type it into the iPhone to bypass the login.

</sarcasm>
 
Comment

somethingelsefl

macrumors 6502
Dec 22, 2008
448
176
Tampa, FL
Still more secure than a 4-digit passcode...also, maybe this is new information...but NO security protocol is flawless, there is always room for improvement.

I mean come on! The device is activation locked, fingerprint locked, and in a secure app environment...I don't see how people can say that Apple devices aren't the most secure consumer-level smartphones.
 
Comment

goobot

macrumors 603
Jun 26, 2009
5,913
2,879
long island NY
Wait, did they lift the print off the phone or actually photograph the guys finger? If it is a photograph then this means nothing...
 
Comment

Eriamjh1138@DAN

macrumors 6502a
Sep 16, 2007
653
491
BFE, MI
So as long as one has access to the actual finger and whatever the heck can take pics at 2400dpi, one can make a "working copy" of it. Seems easier to beat the **** out of someone for the 4-digit passcode.

It's still pretty damn secure no matter what anyone says. The fact that the code is still a measly 4 digits is the weakest link of all.
 
Comment

Rogifan

macrumors Core
Nov 14, 2011
22,259
27,962
How is a 2400 DPI photograph of someones fingerprint an everyday item? I'm sorry but this is click bait pure and simple. :rolleyes:
 
Comment

illegalprelude

macrumors 68000
Mar 10, 2005
1,580
119
Los Angeles, California
So basically, you need a few thousand dollars, knowledge, and time to break into the device. Yes, this seems like a real threat for 99.5% of people :rolleyes:

Unless you can place someone else's thumb and get through, TouchID works. Apple designed this for consumers, not to protect the countries nuclear facilities
 
Comment

QCassidy352

macrumors G4
Mar 20, 2003
11,534
4,747
Bay Area
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.

Well said. No security is perfect. Touch ID will still be a strong protection against most intruders.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.