The Chaos Computer Club (CCC), a group of European hackers who have been demonstrating weaknesses in various computer systems since the 1980s, has successfully tricked the fingerprint reader on the iPhone 5S using a photograph of a fingerprint taken off glass!
In a scene which looks like it came from a Hollywood hi-tech thriller, the CCC lifted the fingerprint off a glass surface by taking a high-resolution (2400 dpi) photo and then printing it in an inverted form (so most of the printout is black and the fingerprint is clear) onto a transparent sheet with a thick toner setting. Then pink latex milk or white wood glue is smeared onto the transparent sheet and left to dry. The fake fingerprint can then be peeled off and, after breathing on it (to make it a bit moist), it can be used to trick Apple’s TouchID and the biometric security built into the iPhone 5S.
These are the exact same steps that the CCC published in 2004 on its web site and the same process that can be used, with minor tweaks, to trick the vast majority of fingerprint sensors on the market.
This demonstrates – again – that fingerprint biometrics are unsuitable as an access control method and should be avoided.
This isn’t the first time that the CCC has demonstrated the fragility of biometric security. In a protest about the use of biometric data in Germany’s e-passports, the group lifted the fingerprints of the then German Minister of the Interior, Wolfgang Schäuble, and published them in its club magazine. The magazine included a thin film that could be taped over a finger to deceive fingerprint readers with Schäuble’s fingerprint – very Mission Impossible!
If you don’t believe it is possible, check out this video: