Security measures were meant to be broken. Just 48 hours after the iPhone 5s hit shelves, a Germany based group called the Chaos Computer Club succeeded in fooling its super-hyped new Touch ID fingerprint–scanning security system. Apple touted Touch ID as a “convenient and highly secure way to access your phone,” but just how secure is now debatable.
The hack, sponsored by an independent online contest, was created by a security researcher named Starbug and involves taking a high-resolution image of the user’s fingerprint and transposing it onto a thin sheet of latex after creating a glue model of it. “In reality,” says Starbug, “Apple’s sensor just has a higher resolution than sensors so far. So we only needed to ramp up the resolution of our fake.” Fingerprint readers have long faced vulnerabilities, and simple ones can generally be fooled by a good copy.
Starbug was awarded $11,000 for the hack and continues to receive donations even though the contest to hack Touch ID has ended.
While hackers say the method requires no secret agent finesse and is quite easy, it’s still complicated enough that most iPhone 5s users aren’t so likely to have their phones compromised by an everyday thief. Since many current smartphone owners use no security measures at all, Touch ID is still an improvement.
