A day after the iPhone 5S hit the streets, a group of hackers in Germany say they have successfully bypassed the biometric security on the Apple's Touch ID fingerprint sensor by using "easy everyday means."
The Chaos Computer Club announced late Saturday that it defeated the security device by photographing an iPhone user's fingerprint from a glass surface and using that captured image to verify the user's login credentials. The sensor, which resides under the home button, replaces the four-digit passcode to unlock the handset and authorize iTunes Store purchases.
"This demonstrates -- again -- that fingerprint biometrics is unsuitable as access control method and should be avoided," the group wrote in a blog post detailing its bypass:
First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.