Apple’s iPhone 5s fingerprint scanner reportedly hacked by German group

KAY NIETFELD/EPA - Hackers claim they’ve found a way to fool Apple’s new fingerprint scanner. Above, a file photo dated 10 September 2013 showing new models of the Apple iPhone 5S on display in the Apple Store in Berlin, Germany.

A team of hackers in Germany are claiming that they have successfully cracked Apple’s new fingerprint scanner, which the company calls TouchID, and were able to unlock an iPhone 5s using an artificial copy of a fingerprint.

As the BBC reported, the hackers say they bypassed the security system by “photographing a fingerprint left on a glass surface” and creating a fake finger to press on the sensor.

Multimedia

A woman sits in a car made of glass on display at the TRW booth, a worldwide leader in car protections systems during the second press day of the 65th Frankfurt Auto Show in Frankfurt, Germany, Wednesday, Sept. 11, 2013. More than 1,000 exhibitors will show their products to the public from Sept. 12 through Sept. 22, 2013. (AP Photo/Frank Augstein)

2013 Frankfurt Auto Show

A see-through car, an electric F1 street racer and a baby carriage with some phat wheels are among the displays.

More tech stories

Microsoft shows off its Surface 2

Microsoft shows off its Surface 2

The firm’s newest tablets go up for pre-order on Tuesday.

Apple’s iPhone 5s fingerprint scanner reportedly hacked

Apple’s iPhone 5s fingerprint scanner reportedly hacked

A German group says it has cracked the new Touch ID on the tech firm’s higher-end smartphone.

Review: iTunes Radio benefits from ubiquity, fewer ads

Review: iTunes Radio benefits from ubiquity, fewer ads

But song choice is a miss more than a hit.

Apple did not immediately respond to a request for comment. On its company Web site, the firm says that fingerprint security is strong because the chances that another fingerprint may contain a section similar enough to unlock a user’s phone is 1 in 50,0000.

But the group claiming to have cracked Apple’s security feature, the Chaos Computer Club, said that all it had to do to trick the sensor was to make a “higher resolution” phony finger, which could be done by pulling a print off glass.

“As we have said now for more than [sic] years, fingerprints should not be used to secure anything, one of the group’s members said in a blog post. “You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”

The group also posted a video showing someone programming an iPhone 5s to recognize one finger, and then using a cover over a different finger that does not appear to be programmed into the phone to unlock the device.

Sen. Al Franken (D-Minn.) had already asked the company for more information on how the device stores information on users’ fingerprints, using some of that same arguments for caution.

“If someone hacks your password, you can change it, as many times as you want. You can’t change your fingerprints,” Franken wrote in a letter to Apple. “You have only ten of them. And you leave them on everything you touch; they are definitely not a secret.”

The fingerprint scanner is not the only security feature on the iPhone, but it can be used to replace the standard four-digit pin in many cases. Users who opt to use the fingerprint scanner will still have to use a pin when they restart their phones if they haven’t unlocked their phones for more than 48 hours or when they want to open or change settings on the “passcode and fingerprint setting” menu.

In another security issue, outside researchers have identified a bug on Apple’s new operating system, iOS 7. They said people can bypass the lockscreen and to send messages, make calls and see some contact information on users’ phones by using the Siri voice assistant from the lock screen.

Cenzic, a security firm based in California, said Friday that it had uncovered the flaw and that it found that the Siri issued also affected some functions in iOS 6.

“This vulnerability indicates that there is a thin line between security and convenience,” wrote Cenzic’s vice president of engineering, Tyler Rorabaugh. “Functionality like calling phone numbers, sending messages and sending emails, even if the phone is locked, can be debated as security over convenience, but there is no setting that can control this if Siri is enabled. A user might need to disable SIRI completely to stop this.”

In a statement, an Apple spokeswoman confirmed that the company was aware of the Siri bug and investigating the issue.

“Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update,” she said in a statement.

 
jlm656
5:24 PM GMT+0100
I was skeptical that the fingerprint alone was anything more than a convenience feature. Security will require two-factor authentication. Siri offers a potential modality for the second factor - voice recognition. Otherwise, for security the fingerprint scanner will need to be paired with a PIN, just as it is with most fingerprint systems.
Tom-MidlothianVA
5:22 PM GMT+0100
For this crack to work, the bad guys have to have physical possession of your phone, meanwhile there has to be a clear fingerprint on the screen for them to copy. I think Apple is correct in predicting the low probability of this happening to anyone. If you left your iPhone on the seat of a taxi and a bad guy picked it up, what are the chances there is still a clear image of your finger print on the screen? After shutting your iPhone down just wipe the screen clean. Their hack is useless. Your OK. I think the Germans are claiming a victory that is false, but hey what do I know? I don't even own a iPhone, mine is an old LG with keyboard.
CalypsoSummer
5:25 PM GMT+0100
You're sitting on the Metro, you're texting your honey, the train pulls in, it's crowded, someone runs for the door, and grabs your phone on the way. Your fingerprints are all over it.