The generous slew of pledged rewards go to Starbug of the Chaos Computer Club from Germany.
A few days before Apple released the iPhone5S, security researchers Nick Depetrillo, Robert David Graham, et al. challenged other security researchers and hackers to hack Apple’s new security measure, Touch ID, a fingerprint sensor (here’s a link to that blog post if you want to read the details). The announcement was made on Twitter, with a guide line, and the rewards were pledged by various techies all over the world on a website.
The contest started when Apple released the iPhone 5S on September 20th. The hackers say the sensor for the Touch ID is identical to any other sensor. Bypassing the system can be done very easily with everyday tools. All you need is a camera, a laser printer, and some wood glue.
1. Enroll a fingerprint
2. Photograph the enrolled user’s fingerprint with 2400 dpi resolution
3. Clean up the image, invert, print the fingerprint on a transparent sheet with a thick toner setting, with 1200 dpi resolution
4. Smear woodglue over the print on the transparent sheet. Wait until the woodglue cures.
5. Lift the woodglue print carefully, breathe onto it to add moisture (just enough to replicate moisture on a human body)
6. Place print on the sensor and unlock the enrolled user’s iPhone 5S
Roboscan offers our congratulations to Starbug for successfully hacking Apple’s security method without cutting off any limbs or taking advantage of the user. How do you think this information will influence the future of security measure development?