iPhone5S TouchID – Hacked

The generous slew of pledged rewards go to Starbug of the Chaos Computer Club  from Germany.

Starbug of CCC Hacks iPhone5S Touch ID

Starbug of CCC Hacks iPhone5S Touch ID

A few days before Apple released the iPhone5S, security researchers Nick Depetrillo, Robert David Graham, et al. challenged other security researchers and hackers to hack Apple’s new security measure, Touch ID, a fingerprint sensor (here’s a link to that blog post if you want to read the details). The announcement was made on Twitter, with a guide line, and the rewards were pledged by various techies all over the world on a website.

The contest started when Apple released the iPhone 5S on September 20th. The hackers say the sensor for the Touch ID is identical to any other sensor. Bypassing the system can be done very easily with everyday tools. All you need is a camera, a laser printer, and some wood glue.

1. Enroll a fingerprint

2. Photograph the enrolled user’s fingerprint with 2400 dpi resolution

3. Clean up the image, invert, print the fingerprint on a transparent sheet with a thick toner setting, with 1200 dpi resolution

4. Smear woodglue over the print on the transparent sheet. Wait until the woodglue cures.

5. Lift the woodglue print carefully, breathe onto it to add moisture (just enough to replicate moisture on a human body)

6. Place print on the sensor and unlock the enrolled user’s iPhone 5S

Roboscan offers our congratulations to Starbug for successfully hacking Apple’s security method without cutting off any limbs or taking advantage of the user. How do you think this information will influence the future of security measure development?

Related Reading: http://gizmodo.com/hackers-iphone-5s-fingerprint-security-is-not-secure-1367817697

Advertisements

iPhone 5S Feature becomes New Target for Hackers

A couple days ago, Apple released information about the upcoming release of the iPhone5S. Of the updates implemented to the newest version, the embedded fingerprint sensor feature called “Touch ID” has grabbed the attention of people all over the world; including that of hackers.

Security researchers Nick Depetrillo, Robert David Graham, Dam Kaminsky and others, were talking about the safety of the fingerprint sensor on Twitter when Mr. Depetrillo decided to post a challenge.

Nick Depetrillo announces hack challenge on Twitter

Nick Depetrillo announces hack challenge on Twitter

Soon after, istouchidhackedyet.com was created. More security researchers and hackers pitched in, offering more incentives. The grand prize for the first person to “enroll print, place it, lift it, reproduce it, use the reproduction to unlock the phone without being locked. Video”, the basic conditions dictated by Depetrillo’s tweet,  is now over $13,000, a couple bottles of wine and hard liquor, and even books.

With the iPhone 5S due to launch this Friday, the competition hasn’t begun yet. But once hackers get their hands on the iPhone 5S, who knows what the coming weekend will bring?

Related reading: Hackers Set Sights on iPhone 5S Fingerprint Scanner