Hackers Find Fatal Flaw of Fingerprint Security

September 28, 2013 | By Kevin Judge

When Apple announced the Touch ID technology that rolled out with the new iPhone 5, it sounded like science fiction. Your phone can now be secured by your own fingerprint. Can the retinal (eyeball) scanning made famous in films like Mission Impossible be far behind?

The age of biometric security has begun!
Or not!

Unfortunately, the technology appears to have a fatal flaw. After only 2 days on sale, a German hacker named Starbug published a video demonstrating how it can be circumvented. What I found most interesting, and to be honest amusing, is that their solution seems simple and rather obvious. The problem with fingerprints for security is that you leave a trail of them everywhere you go.

You leave them on your desk, keyboards and drinking glasses. Working with a group called the Chaos Computer Club, Starbug simply demonstrated that it is easy to copy inadvertently left prints and use them to unlock the phone.

The hard part is creating a fake print that tricks the sensor into thinking it is from a live finger. When Apple first announced the technology, Apple assured the public that thieves won’t be chopping off fingers to access iPhones. The sensor is able to tell that the print is from a live person.

Chaos demonstrated that with a very high resolution scanner, a little latex and just the right chemical treatment, a faux fingerprint can be pasted on a live person's finger that fools the Touch ID sensor. For their efforts, the group is claiming a reward offered by security researcher Nick DePetrillo. DePetrillo has collected at least $14,000 in donations to use as prize money for demonstrations of successful hacks of the Touch ID.

It seems that despite all the hoopla, you would be more secure by simply using Comodo Mobile Security for the Android. Go figure!


    Comments

    Alex Jeter September 28, 2013 at 11:58 pm

    Good article, and the author is right.
    That is a pretty obvious solution.
    I’ve seen it done in a lot of movies, fake fingerprints, not that you can believe everything you see in movies.

    I don’t like the thought of Retinal Scans. It makes me think of the glaucoma test that blows air in your eye.

    Kevin Judge September 29, 2013 at 12:38 pm

    I know what you mean about the glaucoma test. There is another test where it goes right up to your eyeball and you are not supposed to move or blink. I really hate it.

    I think biometrics will eventually be common for security, but we are not there yet. I think Apple wanted fingerprint security to generate a “cool factor”, but it may have backfired.

    I guess the real question is whether the steps that the hackers have to go through to hack the fingerprint ID are more difficult than for conventional passwords. People leave clues around that help hackers crack passwords. They even write them down on stickies!

    Jose Sanz September 29, 2013 at 1:03 pm

    Apple is all hype.
    I love my android.
