Apple’s new iPhone 5s boasts something called a Touch Sensor ID.  Instead of using a pin to access the iPhone’s stored contents or make purchases from the app store using a password, you can now simply place your finger on the sensor.

When Apple announced the iPhone 5s they touted this new technology as not only revolutionary, but extremely secure since it reads the fingerprint at the subdermal level.  This in turn makes it far more secure than other fingerprint readers that have been embedded into consumer devices in the past.  However, that seems to be complete BS, at least according to Chaos Computer Lab who claims to have bypassed the sensor using what they call “every day means”.

So how did they do it?  The short and simplified explanation is that they lifted (i.e. high rez photograph) the fingerprint, the one matched to the Touch Sensor ID, from a piece of glass.  They then inverted it and laser printed it onto a transparent sheet with a thick toner setting.  Next, they smeared the print with wood glue, let it dry and then whalla, they had what they claim is a detailed enough fingerprint to bypass the Touch Sensor ID.  For a more detailed look, hit the video.

The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

So provided it’s legit, Apple has some explaining to do.  But before you head back to the Apple store to return your iPhone 5s, consider the process and challenges one would have to go through to steal your fingerprint.  For the average consumer this loophole or security flaw will be a none issue.  Moreover, most people hardly have secure pins, so arguable, and even in light of the aforementioned hack, the Touch Sensor ID is likely still more secure.

Of note, why is the guy’s hand shaking like a leaf?



Christen Costa

 
Grew up back East, got sick of the cold and headed West. Since I was small I have been pushing buttons - both electronic and human. With an insatiable need for tech I thought "why not start a blog focusing on technology, and use my dislikes and likes to post on gadgets."