Last week on The CaNews Podcast, Brad brought up the fingerprint biometric system for the new iPhone and it began quite the discussion. Half of us thought the system could be easily hacked, and the other was wrong.
Recently, after eye-rolling from the international hacker community about the safety of biometric identification, an international group of donors offered a prize for anyone able to hack the iPhone tech. A group in Germany did within days. The Chaos Computer Club defeated the scanner with some basic “cut, copy, paste” techniques.
I know what you’re thinking, “Oh, they took a fingerprint off something and scanned it”, and let me tell you… you’re pretty much right.
The group literally took a high resolution photo of a fingerprint (left on an iPhone, the very device to be hacked) at 2400dpi. To trick the scanner, they used a thicker ink (raising the print, creating grooves just like a real finger), then covered that with a liquid latex which copied the print like silly putty. They then simply raised the latex off, breathed on it for slight heat and moisture and pressed it to the iPhone 5S sensor. Boom. They were playing Peggle in no time.
The group was happy to display the flaws in the perception that biometric security offers a safer way to lock devices. This all comes only a couple weeks within Apple’s insistence that this technology was a leap forward and uncrackable.
Movies and tv make this technology seem really futuristic and sophisticated but really, it’s almost more hackable than remembering a password. Changing a password is also easier damage control than a biometric hack.