Got a tip for us? Share it...

New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

The Chaos Computer Club claims to be able to bypass Apple's new Touch ID fingerprint sensor with a photo of the original user's fingerprint. The bypass is demonstrated in this short video:


The system is detailed in a how to which requires obtaining the original user's fingerprint:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Apple's new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor -- though that is arguably even less secure than duplicating someone's fingerprint.

Top Rated Comments

(View all)

12 months ago
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.

This just in, every single passcode system bypassed by first acquiring user's passcode.
Rating: 155 Votes
12 months ago

First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.


So it's that simple... :rolleyes:
Rating: 140 Votes
12 months ago
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
Rating: 115 Votes
12 months ago

Oh dear! At least they won't be ripping my fingers off any time soon.


which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn
Rating: 82 Votes
12 months ago
How is a 2400 DPI photograph of someones fingerprint an everyday item? I'm sorry but this is click bait pure and simple. :rolleyes:
Rating: 79 Votes
12 months ago
This is why I use a different body part ;)
Rating: 77 Votes
12 months ago
So basically, you need a few thousand dollars, knowledge, and time to break into the device. Yes, this seems like a real threat for 99.5% of people :rolleyes:

Unless you can place someone else's thumb and get through, TouchID works. Apple designed this for consumers, not to protect the countries nuclear facilities
Rating: 69 Votes
12 months ago
Still more secure than a 4-digit passcode...also, maybe this is new information...but NO security protocol is flawless, there is always room for improvement.

I mean come on! The device is activation locked, fingerprint locked, and in a secure app environment...I don't see how people can say that Apple devices aren't the most secure consumer-level smartphones.
Rating: 48 Votes
12 months ago
With that shaky a hand, he must be faking this!
Rating: 39 Votes
12 months ago
Is he being held at gunpoint while doing this? Shaky...
Rating: 38 Votes

[ Read All Comments ]