Apple's recently introduced TouchID biometric fingerprint sensor on the new iPhone 5s device can be easily bypassed with simple, everyday household items, a German group of hackers say.
The Chaos Computer Club biometrics hacking team utilised a technique going back to 2004, outlined by its member Starbug, to lift and create reusable copies of fingerprints to unlock a TouchID secured iPhone 5s.
CCC took a picture of the fingerprint of a TouchID enrolled user with 2400 dots per inch (dpi) resolution and cleaned up the image digitally. The image was then inverted and laser printed at 1200 dpi resolution onto a transparent sheet with thick toner setting.
Pink latex milk or white woodglue was then smeared into the toner pattern on the transparent sheet and allowed to cure.
Once cured, the CCC hackers lifted the thin latex sheet off the transparency, and breathed on it to make it moist and were able to place it onto the iPhone 5s sensor to unlock the phone.
How the CCC defeated TouchID; source: CCC
According to CCC, the same technique has been successfully used on the vast majority of fingerprint sensors on the market.
"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", according to CCC member Starbug.
"As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," said Starbug.
CCC spokesperson Frank Rieger added that "we hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token."
"The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access," Rieger said.
The Chaos Computer Club is one of Germany's oldest information technology associations, having been founded in 1981 and now has around 3600 members.