In a post on their site, the group says that their biometric hacking team took a fingerprint of the user, photographed from a glass surface, and then created a “fake fingerprint” which could be put onto a thin film and used with a real finger to unlock the phone.
The claim, which is backed up with a video, will create concerns for businesses which see users intending to use the phone to access corporate accounts. While it requires physical access to the phone, and a clean print of one finger which is one of those used to unlock the phone, it raises the risk of a security breach.
This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided,” said the Chaos Club’s blogpost author, “Starbug”. “In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”
The group does not claim to have extracted the fingerprint representation from the phone itself, where Apple says it is held on a secure chip. Instead it relies on capturing a high-quality fingerprint elsewhere, and having access to the phone.
“Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect,” commented security specialist Graham Cluley.
Apple did not respond to a request for comment on the hack.
The revelation is the third security failing discovered since the phone and its iOS 7 software were released last week. First, a hacker found that they could use a flaw in iOS 7’s Control Centre feature on the iPhone 4S and 5 to access photos and send emails. Another found that the Emergency Call screen can be used to place a call to any number.
The Chaos Club details its methods for the fingerprint hack, which begins with a high-quality fingerprint lifted from a glass, doorknob or glossy surface. The print, which essentially consists of fat and sweat, is made visible using graphite powder or a component of superglue, and then photographed at high resolution to create a 2400 pixel-per-inch scan. That is then printed onto an overhead projector plastic slide using a laser print, forming a relief. That is then covered with wood glue, cut and attached to a real finger.
Apple introduced Touch ID, as it calls the fingerprint system, on its top-end iPhone 5S, unveiled earlier in the month. The technology uses a scanner built into the home button of the phone to take a high-resolution image from small sections of the fingerprint from the sub-epidermal layers of the skin. Apple says “Touch ID then intelligently analyses this information with a remarkable degree of detail and precision.”
Users can choose to use up to five fingerprints – which can be changed – to unlock the phone and optionally pay for iTunes Store purchases. They have first to create a passcode of at least four digits, and then “enrol” fingerprints separately. Apple says that the process creates a mathematical representation of the fingerprint representation, and that it is only stored on the phone.
Apple’s own notes about its Touch ID system on its site say that Touch ID will incrementally add new sections of your fingerprint to your enrolled fingerprint data to improve matching accuracy over time. Touch ID uses all of this to provide an accurate match and a very high level of security.”
The company says that “Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger. This is much better than the 1 in 10,000 odds of guessing a typical 4-digit passcode. Although some passcodes, like “1234”, may be more easily guessed, there is no such thing as an easily guessable fingerprint pattern.”
It notes that after five unsuccessful attempts to match the fingerprint, the user has to enter their passcode, and the fingerprint unlock will not work.
Speaking to BusinessWeek just after the iPhone 5S was unveiled, Craig Federighi, Apple’s head of software, emphasised that the fingerprints would not leave the phone. He said that making a finger unlocking and purchasing system “sounds like a simple idea, but how many places could that become a bad idea because you failed to execute on it? We thought, ‘Well, one place where that could be a bad idea is somebody who writes a malicious app, somebody who breaks into your phone, starts capturing your fingerprint. What are they doing with that? Can they reuse that in some other location? Can they use it to spoof their way into other people’s phones?'”
He said that Apple’s focus had been to make sure that “no matter if you took ownership of the whole device and ran whatever code you wanted on the main processor [you]could not get that fingerprint out of there. Literally, the physical lines of communication in and out of the chip would not permit that ever to escape.”
Baba Suwe finally addresses rumours of his ‘death’ (video)
Ailing actor, Babatunde Omidina aka Baba Suwe who recently landed in America for his medical treatment has just reacted to rumours...
Cee-C steps out in super hot Lingerie for Bam Bam’s 30th Lingerie private birthday bash (photos)
2018 BBNaija housemate Cee-C is all out here showing off her curves and yes we love it. The stunning reality...
Nigerians react as Dubai Police flaunt their exotic luxurious police cars
If you didn’t know the coolest police cars in the world reside in Dubai, you probably haven’t been on the...
Zari reacts after her ex, Diamond, accused her of cheating on him with Peter PSquare
Ugandan socialite, Zari Hassan, has taken to social media to blast her ex-boyfriend and babydaddy, Diamond Platnumz. The Tanzanian singer...
”Go and write lyrics” – Naira Marley tells Ruggedman
Naira Marley who fired back at Ruggedman in an Instagram live session, advised him to go and write lyrics instead...
Meet the intersex lady who is genetically male, and physically female (Video)
Intersex South African lady, Babalwa and her partner Thando sat for an interview with BBC health programme, Life Clinic, where...
”Two birds fought to death in my compound early this morning” – Man says
A Nigerian man took to popular social media platform to share his experience after seeing two birds fight to death...
Nigerian Lady finds dollar notes in 2nd hand bag she bought
A Nigerian lady identified as Lucy took to social media to share photo of the dollar notes she saw in...
Man sells hunchback mum to ritual killers for ₦7 million in Ondo
Detectives from Ondo State Police Command are on the trail of a man, who allegedly sold his mother with hunchback...
Man threatens to divorce wife for rendering him impotent
A lady shared a story on Facebook of how a woman who was afraid of losing her husband to ‘slay...
- Viral News2 days ago
Student reportedly dies after sleeping with girlfriend
- Viral News2 days ago
Chaos as car wash attendant is nabbed with human skeleton in Ibadan
- Entertainment News24 hours ago
Meet Yvonne Rofem self acclaimed tallest girl in Nigeria (Photos)
- Celebrity Gist2 days ago
Reality Star Alex Shows Off Outfit She Bought At A 2nd Hand Market
- Viral News2 days ago
Woman Born With No Arms And Knees Finds Love
- Trending News2 days ago
Nigerian Lady receives admission offer from 10 foreign universities
- Viral News2 days ago
Nigerian student murdered over money in Cyprus
- Entertainment News15 hours ago
Tunde Ednut under fire as Davido, Zlatan Ibile and Nairamarley stand against him