The iPhone 5S was released to the general public on Friday. Little more than 48 hours later, a group of hackers found a way to bypass the device's fingerprint-based security system that doesn't involve messy decapitation.
The Chaos Computer Club's Starbug was able to get past the iPhone's 5S TouchID security system by using a photo of your fingerprint and using glue or plastic to create a copy, like you've seen in countless spy movies. He modified existing biometric hacking methods slightly for the iPhone's TouchID. "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake," Starbug says.
His madness, explained:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Apple has yet to comment on hackers breaking through their landmark security system. "The technology within TouchID is some of the most advanced hardware or software we’ve put in any device," promises an Apple promotional video, as Buzzfeed points out.
But no, Starbug's hacking didn't take very long and it didn't take a genius stroke of luck. He just took the most obvious solution, and it worked. Oh well. At least it didn't involve chopping anything off. When Apple first announced the TouchID technology, most people figured thieves would start chopping off appendages when they snatched your phone, too.
Is Apple's biometric security still the best security system on the market? Yes, of course. It's still harder for the common crook to circumvent than a number code. And it's lightyears better than Android's Face Unlock feature, as The Verge points out. But if you're a super secret spy and thought this phone was the answer to all your problems, well, sorry.