More details, new video showing Iphone fingerprint reader pwned by Chaos Computer Club


Starbug, the Chaos Computer Club hacker who broke the fingerprint biometric security on the Iphone, has given an interview [German] to CT Magazine detailing the hack, and released a new video showing how he did it.

In the end it, remove the fingerprint in a realistic usage scenarios directly from an iPhone succeeded. Here, a scanner with 2400 DPI was used. Subsequently, this fingerprint is digitally enhanced in order to print on a transparent film (1200 dpi), which was then used as a mask for exposing a printed circuit board. Protected by the black areas in front of the UV light structures do not harden and can then be etched away. This yields a form that serves as a template for creating artificial fingerprints. This is done by spraying with graphite, which is then applied wood glue is then used as a skin-like support material. The video shows that the iPhone is accepted as the created fingerprint harmless dummy.

None of the methods used is new. About to create the procedure, fingerprint forms with etched circuit boards, Tsutomu Matsumoto in 2002 documented . The equipment and materials used are quite simply accessible for ambitious hobbyists. Thus, the cracking of the fingerprint lock should indeed exceed the capabilities of a conventional pickpocket, a targeted attack by a tech savvy attacker will touch ID but no insurmountable obstacles in the way.

Der iPhone-Fingerabdruck-Hack [Jürgen Schmidt/CT]

The iPhone fingerprint hack [Google Translate]

(Thanks, Alex!)

Notable Replies

  1. Whatever.
    It's still a ridiculously involved process. CCC get some geek cred, and Cory gets his weekly Apple-GRAR on, but I don't see this being any sort of valid thread to the general consumer.

    Half of iPhone users don't set any security at all. Their primary reason for not doing so is that entering a PIN several times a day is annoying. This works at least as well as setting a PIN and takes a fraction of the time to use, plus there's a bit of entertainment/novelty value. If it drives a higher number of consumers to actually start using some form of security, more's the better.

  2. mtdna says:

    The new system has me terrified that someone will chop off my finger to get into my phone. That's why I trained it to identify my scrotum. What could possibly go wrong?

  3. And I would totally cut off somebody's testicle to see what they on their iTunes! We're like an O'Henry story, but with fewer presents and more mutilation!

  4. Weird how when the new iPhone was announced, they claimed the fingerprint reader was more advanced than previous fingerprint readers so it wouldn't be hacked by the same methods. But now that it's been easily hacked, Apple fans have decided that it doesn't matter.

  5. You must not read a lot of tech forums. Please see the initial announcement threads on slashdot and engadget for just two examples. Or maybe just some examples from one BBS thread here (be sure to expand the quotes below so you can see between them they hit all my points exactly):

Continue the discussion bbs.boingboing.net

32 more replies

Participants