Touch ID Bypass Detailed, 'Average Consumer' Shouldn't Worry

Over the weekend, the Chaos Computer Club announced that it had bypassed Apple’s Touch ID sensor using a photograph of a fingerprint to create a fake fingerprint model.

The full fingerprint emulation process has now been detailed in a new video from CCC member Starbug and replicated by security expert Marc Rogers, who believes the average consumer has nothing to worry about.


As seen in the video, the CCC uses a fingerprint taken from the screen of the iPhone 5s and then uses a complicated multi-step process to convert it to a usable print. According to Starbug, who spoke to Ars Technica, the process "was way easier than expected," taking just 30 hours to complete.

I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial.

The Touch ID is nevertheless a very reliable fingerprint system. However, users should only consider it an increase in convenience and not security.

While Starbug suggests that the hack is "very easy" and can be completed with "inexpensive office equipment like an image scanner, a laser printer, and a kit for etching PCBs," Marc Rogers, who also completed the bypass, disagrees, noting that it requires "over a thousand dollars worth of equipment."touchid

But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial.

Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician.

Rogers goes on to explain the process, which requires an unsmudged, complete print of the correct finger and a way to “lift” the print using cyanoacrylate (super glue) fumes, fingerprint powder, and fingerprint tape. The lifted fingerprint must then be photographed, edited, and printed onto transparency film, where it is converted to a usable fingerprint via a PCB board or a laser printer.

Even when all of these steps are created, using the fake fingerprint was "tricky" and prone to failure.

So what do we learn from all this?

Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don’t forget you only get five attempts before TouchID rejects all fingerprints requiring a PIN code to unlock it.

However, let’s be clear, TouchID is unlikely to withstand a targeted attack. A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn’t a threat that many of us face.

With Touch ID able to be bypassed through a fake fingerprint, it remains unclear how the system functions. According to Apple, the sensor uses advanced capacitive touch and takes a high-resolution image from the “sub-epidermal layers” of skin, a process that, theoretically, should render a fake fingerprint useless. Starbug speculates that this is due to Apple's desire for usability over security, noting that the sensor will be defeated if the fake fingerprint is "sufficiently close" to the characteristics of human tissue.

Since its release, Touch ID has been the subject of much scrutiny. Senator Al Franken has sent a letter to Tim Cook asking a number of questions about the security of the system and the exact fingerprint storage process, and Apple has published an extensive knowledge base article about the benefits of the Touch ID system to alleviate some consumer concerns.

Top Rated Comments

portishead Avatar
94 months ago
I'm just not that important for someone to go through all that trouble to fake my fingerprint. I'll continue to use Touch ID. It works fine for what I use it for.
Score: 43 Votes (Like | Disagree)
Dwalls90 Avatar
94 months ago

If we could just add a short password and use TouchID then I think everything would be more secure.


No thanks.

Why would I want to use TouchID AND a passcode?

TouchID is supposed to remove the need for the passcode ...
Score: 25 Votes (Like | Disagree)
portishead Avatar
94 months ago

It's just not save enough.


It frign save i promis
Score: 22 Votes (Like | Disagree)
pk7 Avatar
94 months ago
Before people say:

"I can't believe it! Anyone can hack my iPhone with thousands of dollars worth of stuff like an image scanner, a laser printer, and a kit for etching PCBs, all in only 30 hours!?

Touch ID is a failure!!! :mad:"
Score: 22 Votes (Like | Disagree)
Benjamins Avatar
94 months ago
use your nipples instead.
Score: 20 Votes (Like | Disagree)
peejack Avatar
94 months ago
They didn't 'bypass' anything.

Grow up mac rumours.
Score: 20 Votes (Like | Disagree)

Top Stories

2020 apple shopping event

Apple Offering Up to $150 Gift Card With Select Products on Black Friday Through Cyber Monday

Monday November 23, 2020 2:53 am PST by
Apple has announced its annual four-day shopping event, offering customers up to a $150 Apple Store gift card with the purchase of select products between Black Friday and Cyber Monday in the United States. The gift card values in the United States are as follows: $150 for 16-inch MacBook Pro $150 for 21.5-inch iMac $50 for 13-inch MacBook Pro $50 for MacBook Air $50 for iPhone SE,...
0 Deals Hero

Black Friday 2020: Best Apple Deals to Plan For

Saturday November 21, 2020 10:00 am PST by
In the lead-up to Black Friday next week, we've been putting a spotlight on the best deals coming from various retailers like Best Buy and Walmart. In an effort to further prepare our readers for the best Black Friday deals, we're breaking down what we think should be on your radar for Black Friday in 2020. Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
app store christmas icon

Apple Shutting Down App Store Connect From December 23 to December 27

Monday November 23, 2020 10:14 am PST by
Apple shuts down App Store Connect for a week around the holidays each year in an effort to give App Store staff time off from work. This year, App Store Connect will be unavailable from December 23 to December 27. With App Store Connect unavailable, Apple will not accept new apps or app updates, so all pricing changes and new app submissions need to be locked in before those dates for...
Target November Deals 1

Black Friday Spotlight: Target Begins Week-Long Sale With Deals on iPhone 12, Powerbeats Pro, and More

Monday November 23, 2020 8:07 am PST by
We've been tracking early Black Friday deals in our dedicated Black Friday Roundup, and in an effort to prepare our readers for the big shopping event we're highlighting sales store-by-store in the lead-up to November 27. Note: MacRumors is an affiliate partner with Target. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running....
ipad pro 2020 display

Black Friday Week Kicks Off With Up to $150 Savings on 2020 iPad Pro

Sunday November 22, 2020 2:37 pm PST by
As we head into Black Friday week, we're seeing some of the best deals of the season so far, with Amazon and Best Buy today discounting the latest iPad Pro models by up to $150 at the lowest prices we've ever tracked on these models. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep ...
mac mini macbook pro macbook air

Apple M1 Hands-On Comparison: MacBook Air vs. MacBook Pro vs. Mac Mini

Monday November 23, 2020 3:40 pm PST by
Apple's M1 Macs are out in the wild now, but ahead of the holidays, you might still be trying to figure out which one to pick up, either for yourself or as a gift for someone else. We've got all three of the new Macs available, so we thought we'd give MacRumors readers a hands-on overview of each machine in our latest YouTube video. Subscribe to the MacRumors YouTube channel for more videos. ...
macos big sur m1 macs restore issue

Apple Provides Instructions to Fix macOS Reinstallation Errors on M1 Macs

Sunday November 22, 2020 3:30 pm PST by
Shortly after the launch of Apple's new M1 Macs, we saw reports that attempts to restore and reinstall macOS on those machines right away could result in an installation error that would leave your Mac non-functional. Specifically, the error message would read: "An error occurred preparing the update. Failed to personalize the software update. Please try again." Over the weekend, Apple p...
max tech xcode benchmark m1 macbook

Video Demos Performance Differences Between 8GB and 16GB Apple M1 MacBook Pro

Monday November 23, 2020 2:54 pm PST by
All of the M1 Mac models use the same M1 chip, so the upgrade options are limited to SSD storage space and RAM. We haven't seen many comparisons that demonstrate the difference between a machine with 8GB RAM and the upgraded 16GB RAM option, but Max Tech today shared a video highlighting the performance between an 8GB MacBook Pro and a 16GB MacBook Pro. The video includes a series of...
iPhone 6s main

Rumor Claims iOS 15 to Drop Support for iPhone 6s and Original iPhone SE

Sunday November 22, 2020 9:25 am PST by
Apple will drop support for the iPhone SE, iPhone 6s, and iPhone 6s Plus in next year's release of iOS 15, according to a rumor shared today by Israeli site The Verifier. If the rumor is accurate, that would mean iOS 15 will be compatible with the following Apple devices: 2021 iPhone series iPhone 12 Pro Max iPhone 12 Pro iPhone 12 mini iPhone 12 iPhone 11 iPhone 11 Pro iPhone 11 Pro ...
new mac mini logicpro screen

M1 Macs Able to Run Up to Six External Displays Using DisplayLink

Tuesday November 24, 2020 6:53 am PST by
It is possible to run up to six external displays from the M1 Mac mini, and five external displays from the M1 MacBook Air and MacBook Pro, with the aid of DisplayPort adapters, according to YouTuber Ruslan Tulupov. This far exceeds Apple's specified limits on external displays with the M1 Macs. Apple's host of new M1 Macs are not capable of supporting as many external displays as their...