23 September, 2013
category: Biometrics
Who had 48-hours in the Touch ID spoof pool? Come on up and claim your prize.
Just two days after the iPhone 5S was released the Chaos Computer Club in Germany officially spoofed the Touch ID fingerprint scanner, surprising exactly no one.
The overwhelming popularity of the iPhone device, along with the introduction of the fingerprint scanner, painted a clear target on the new handset from the moment it was announced. It’s also not a secret that fingerprint scanners can be spoofed – or fooled – using a number of different techniques.
The Chaos Computer Club described the process here:
“First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white wood glue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.”
Apple hasn’t responded to the spoof.