Here’s how iPhone 5S Fingerprint Touch ID Can be Hacked

iPhone 5S Fingerprint Hack

iPhone 5S Fingerprint Hack

After numerous rumors about Apple including a fingerprint sensor in iPhone 5S were published, we finally have the new iPhone with a biometric sensor that Apple calls Touch ID. The purchase of AuthenTec, a company that specialises in fingerprint lock technology made this feature possible in the new iPhone.

Apple is known for integrating hardware and software features seamlessly and the new fingerprint scanner is probably one of the best examples out there right now. Fingerprint scanning has been used in many devices before however, the ease of use on the iPhone sets a new standard. Instead of swiping your finger over the sensor Apple has made it as intuitive as touching the home button by placing the sensor right below it.

During the keynote presentation Apple’s SVP of marketing, Phil Schiller noted that half of the customer don’t set a passcode on their devices. By introducing Touch ID Apple is making it easier and hassle free for users to remember their pass-codes. With the iPhone 5S once you register your fingerprint your finger becomes your password and there is virtually no need to remember your passcode to unlock your phone.

When we think of setting up a passcode, the first suggestion is to make sure its unique and hard for someone else to figure out. But, with the new iPhone when you set your fingerprint as your password you’re setting a password which is easily available on anything you touch. Bruce Schneier, a security technologist, on his blog Schneier on Security {via GigaOM} has written an excellent piece on how secure is the biometric technology. Schneier notes that it is possible to hack fingerprint locks using various techniques.

… someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone

In an old episode of MythBusters, it was shown that after securing fingerprints of a person by making him touch the cover of a CD, an exact replica of the ridges in the finger was created. This was then used in different formats, using 3D thumbprint imprinted ballistics gel, 3D thumbprint imprinted latex strip and photocopy of a scanned image of the fingerprint.

The hack worked on all occasions. Some fingerprint scanners also look for body temperature or moisture and even that could be replicated by licking the latex strip to create a sweaty feel.

Schneier notes that the technology becomes more vulnerable if the database that stores fingerprints is centralised. However, in the case of iPhone 5S it will be encrypted on the new A7 chip.

Apple recently shared some new information regarding the new fingerprint sensor and Touch ID. A spokesperson for the company mentioned {via Wall Street Journal} that in addition to the Touch ID a user will have to setup a passcode.

In an event of failure to recognize the fingerprint iPhone will use your passcode as a fallback. In case the phone is rebooted or hasn’t been unlocked for 48 hours the fingerprint scan won’t be accepted as means to unlock the phone.

Given the fact that Apple realises that it isn’t impossible to bypass the fingerprint sensor, the company has put in place such security measures to ensure the iPhone is protected in any scenario.


Leave a Reply