The first confirmed hack of Apple’s Touch ID sensor was reported a few days ago by Chaos Computer Club (CCC) member Starbug. At the time, the report stated that the hack was easy to perform using readily available material and equipment.
According to the CCC report:
First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
However, in an update, CCC has backtracked on their earlier claim. They have now updated the report to say that the method employed above is somewhat unreliable and a new technique is now being used to spoof the iPhone 5s Touch ID sensor.
In the update, this is what they had to say:
The process described above proved to be somewhat unreliable as the depth of the ridges created by the toner was a little too shallow. Therefore an alternative process based on the same principle was utilized and has been demonstrated in an extended video available here. First, the residual fingerprint from the phone is either photographed or scanned with a flatbed scanner at 2400 dpi. Then the image is converted to black & white, inverted and mirrored. This image is then printed onto transparent sheet at 1200 dpi. To create the mold, the mask is then used to expose the fingerprint structure on photo-sensitive PCB material. The PCB material is then developed, etched and cleaned. After this process, the mold is ready. A thin coat of graphite spray is applied to ensure an improved capacitive response. This also makes it easier to remove the fake fingerprint. Finally a thin film of white wood glue is smeared into the mold. After the glue cures the new fake fingerprint is ready for use.
Here is a video of the new method:
Earlier today, we reported that the techniques used to hack Touch ID in Apple’s iPhone 5s are not for the average thief.
According to Marc Rodgers, “It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don’t forget you only get five attempts before Touch ID rejects all fingerprints requiring a PIN code to unlock it.”
It’s unfortunate that this updated paragraph in the CCC’s original report is not making the headlines.