A group of hackers in Germany says it has found
a way to bypass the fingerprint-sensor security
system on the new iPhone 5S.
The hackers claim they fooled the Touch ID
biometric security of the iPhone 5S by
photographing a fingerprint left on a glass
surface and using the resulting image to create
a fake “finger” which unlocked the phone. They
demonstrated their exploits in a video posted
Sunday to YouTube.
“We hope that this finally puts to rest the
illusions people have about fingerprint
biometrics. It is plain stupid to use something
that you can´t change and that you leave
everywhere every day as a security token,”
said Frank Rieger, a spokesman for the group,
the Chaos Computer Club, in a post online.
In the post, the hackers said they snapped a
high-resolution photo of a fingerprint, inverted
it and laser-printed it with extra toner onto a
transparent sheet. Then they smeared pink
latex milk or white woodglue into the
fingerprint pattern, lifted a thin latex sheet
from it and placed it onto the sensor to unlock
the phone.
“As we have said now for … years, fingerprints
should not be used to secure anything. You leave
them everywhere, and it is far too easy to
make fake fingers out of lifted prints,” said a
hacker, who goes by the nickname Starbug, on
the Chaos Computer Club’s site.
Apple did not respond to a request from CNN
for comment.
Starbug and the Chaos Computer Club are being
rewarded for their efforts. They were named
the winners of an online contest offering a
bounty of cash and other prizes to the first
person or group to successfully hack the new
iPhone’s Touch ID system.
The contest, IsTouchIDHackedYet, was
created by Nick DePetrillo, an independent
computer security researcher known for
demonstrating hacks of smartphones, and
Robert David Graham, owner of Errata
Security, a cybersecurity firm. It invites
donors to contribute to the bounty, which so
far includes an assortment of cash, bitcoins (a
form of digital currency), several bottles of
booze and “a dirty sex book.”
“It’s official. Starbug of the CCC has been
declared the winner of #istouchidhackedyet
Congrats! Video to come soon,” DePetrillo
posted on Twitter Monday afternoon.
The total cash bounty topped $16,000 at one
point, although one donor has since reneged on a
promised $10,000 donation, according to the
site.
Source:
Group of hacker claims to have hacked iPhone 5S
sponsored
No comments:
Post a Comment