Apple says that the new iPhone 5S' fingerprint sensor is "a convenient and highly secure way to access your phone." The former is true. The latter, not so much. The fingerprint security can be easily broken. Jealous spouses and industrial spies, rejoice!
The usual Apple boosters bought into the company's claims without even questioning their claims. They said the iPhone's fingerprint sensor is different from other lesser fingerprint sensors because it can't be fooled—it uses your deep skin fingerprint. They could have also said it's different because it runs on magicks and unicorn sperm. It makes the same sense.
In this video—and the accompanying article—hackers from the Chaos Computer Club in Germany claim that, in reality, the sensor is just the same as any other sensor. It runs at a higher resolution but it can be fooled just the same.
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.
The group used a digital camera to photograph a fingerprint from a glass. Then used this to build a fake skin, which they used to access a "fingerprint secured" iPhone 5S without any difficulty.
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
The video above demonstrates that the hack works perfectly.
So, apparently and contrary to Apple's corpospeak—and all the echoes from the Cupertino chorus line—your iPhone's fingerprint security can be broken. With a camera, a laser printer, and some wood glue—just like every other fingerprint sensor in the world. It seems to have no special powers.
The fingerprint sensor is still convenient—it is, along with the new camera, why I'm getting a 5S myself—but don't count on it to protect any sensitive information in your iPhone. If you think someone may be interested in accessing your iPhone for whatever reason, they would be able to do it easily using this hack (and no, people don't need to steal the phone. Your spouse or your roommate can do this while you are sleeping or away, for example.)