Touch ID Bypass Detailed, 'Average Consumer' Shouldn't Worry

Over the weekend, the Chaos Computer Club announced that it had bypassed Apple’s Touch ID sensor using a photograph of a fingerprint to create a fake fingerprint model.

The full fingerprint emulation process has now been detailed in a new video from CCC member Starbug and replicated by security expert Marc Rogers, who believes the average consumer has nothing to worry about.


As seen in the video, the CCC uses a fingerprint taken from the screen of the iPhone 5s and then uses a complicated multi-step process to convert it to a usable print. According to Starbug, who spoke to Ars Technica, the process "was way easier than expected," taking just 30 hours to complete.

I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial.

The Touch ID is nevertheless a very reliable fingerprint system. However, users should only consider it an increase in convenience and not security.

While Starbug suggests that the hack is "very easy" and can be completed with "inexpensive office equipment like an image scanner, a laser printer, and a kit for etching PCBs," Marc Rogers, who also completed the bypass, disagrees, noting that it requires "over a thousand dollars worth of equipment."touchid

But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial.

Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician.

Rogers goes on to explain the process, which requires an unsmudged, complete print of the correct finger and a way to “lift” the print using cyanoacrylate (super glue) fumes, fingerprint powder, and fingerprint tape. The lifted fingerprint must then be photographed, edited, and printed onto transparency film, where it is converted to a usable fingerprint via a PCB board or a laser printer.

Even when all of these steps are created, using the fake fingerprint was "tricky" and prone to failure.

So what do we learn from all this?

Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don’t forget you only get five attempts before TouchID rejects all fingerprints requiring a PIN code to unlock it.

However, let’s be clear, TouchID is unlikely to withstand a targeted attack. A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn’t a threat that many of us face.

With Touch ID able to be bypassed through a fake fingerprint, it remains unclear how the system functions. According to Apple, the sensor uses advanced capacitive touch and takes a high-resolution image from the “sub-epidermal layers” of skin, a process that, theoretically, should render a fake fingerprint useless. Starbug speculates that this is due to Apple's desire for usability over security, noting that the sensor will be defeated if the fake fingerprint is "sufficiently close" to the characteristics of human tissue.

Since its release, Touch ID has been the subject of much scrutiny. Senator Al Franken has sent a letter to Tim Cook asking a number of questions about the security of the system and the exact fingerprint storage process, and Apple has published an extensive knowledge base article about the benefits of the Touch ID system to alleviate some consumer concerns.

Related Forum: iPhone

Popular Stories

WWDC25 Live Coverage Feature 1

WWDC 2025 Apple Event Live Keynote Coverage: iOS 26, macOS Tahoe, and More

Monday June 9, 2025 9:00 am PDT by
Apple's Worldwide Developers Conference (WWDC) starts today with the traditional keynote kicking things off at 10:00 a.m. Pacific Time. MacRumors is on hand for the event and we'll be sharing details and our thoughts throughout the day. We're expecting to see a number of software-related announcements led by a design revamp across Apple's platforms that will also see the numbering of all of...
maxresdefault

Everything Apple Announced at WWDC 2025 in 9 Minutes

Monday June 9, 2025 5:21 pm PDT by
At today's WWDC 2025 keynote event, Apple unveiled a new design that will inform the next decade of iOS, iPadOS, and macOS development, so needless to say, it was a busy day. Apple also unveiled a ton of new features for the iPhone, an overhauled Spotlight interface for the Mac, and a ton of updates that make the iPad more like a Mac than ever before. Subscribe to the MacRumors YouTube channel ...
liquid glass

Apple Announces All-New 'Liquid Glass' Software Redesign Across iOS 26 and More

Monday June 9, 2025 10:13 am PDT by
Apple today announced a complete redesign of all of its major software platforms called "Liquid Glass." Announced simultaneously for iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and CarPlay, Liquid Glass forms a new universal design language for the first time. At its WWDC 2025 keynote address, Apple's software chief Craig Federighi said "Apple Silicon has become dramatically more powerful...
iPadOS 26 Apple Newsroom

Apple Says iPadOS 26 is Compatible With These iPad Models

Monday June 9, 2025 11:22 am PDT by
Apple today announced that iPadOS 26 will be compatible with the iPad models listed below. iPadOS 26 features a new Liquid Glass design, a menu bar, improved app windowing, and more. iPadOS 26 supports the following iPad models:iPad Pro (M4) iPad Pro 12.9-inch (3rd generation and later) iPad Pro 11-inch (1st generation and later) iPad Air (M2 and later) iPad Air (3rd generation and...
iPhone Car Key WWDC 2025

Apple Says These 13 Vehicle Brands Will Soon Offer iPhone Car Keys

Monday June 9, 2025 2:38 pm PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. During its WWDC 2025 keynote today, Apple said that 13...
Apple WWDC25 iOS 26 hero 250609

Apple Announces iOS 26 With 'Liquid Glass' Design, Live Translation, Overhauled Phone App, and More

Monday June 9, 2025 11:00 am PDT by
Apple at WWDC announced iOS 26, introducing a comprehensive visual redesign built around its new "Liquid Glass" concept, alongside expanded Apple Intelligence capabilities, updates to core communication apps, and more. Liquid Glass is a translucent material that reflects and refracts surroundings to create dynamic, responsive interface elements, according to Apple. The new design language...

Top Rated Comments

portishead Avatar
153 months ago
I'm just not that important for someone to go through all that trouble to fake my fingerprint. I'll continue to use Touch ID. It works fine for what I use it for.
Score: 43 Votes (Like | Disagree)
Dwalls90 Avatar
153 months ago
If we could just add a short password and use TouchID then I think everything would be more secure.

No thanks.

Why would I want to use TouchID AND a passcode?

TouchID is supposed to remove the need for the passcode ...
Score: 25 Votes (Like | Disagree)
portishead Avatar
153 months ago
It's just not save enough.

It frign save i promis
Score: 22 Votes (Like | Disagree)
pk7 Avatar
153 months ago
Before people say:

"I can't believe it! Anyone can hack my iPhone with thousands of dollars worth of stuff like an image scanner, a laser printer, and a kit for etching PCBs, all in only 30 hours!?

Touch ID is a failure!!! :mad:"
Score: 22 Votes (Like | Disagree)
Benjamins Avatar
153 months ago
use your nipples instead.
Score: 20 Votes (Like | Disagree)
peejack Avatar
153 months ago
They didn't 'bypass' anything.

Grow up mac rumours.
Score: 20 Votes (Like | Disagree)