German group claims to have hacked Apple iPhone fingerprint scanner

Monday 23 September 2013 07.50
A group of German hackers claim to have cracked the iPhone fingerprint scanner
A group of German hackers claim to have cracked the iPhone fingerprint scanner

A group of German hackers claimed to have cracked the iPhone fingerprint scanner on Sunday, just two days after Apple launched the technology that it promises will better protect devices from criminals seeking access.

If the claim is verified, it will be embarrassing for Apple which is betting on the scanner to set its smartphone apart from new models of Samsung Electronics and others running the Android operating system of Google.

Two prominent iPhone security experts told Reuters that they believed the German group, known as the Chaos Computing Club, or CCC, had succeeded in defeating Apple's Touch ID, though they had not personally replicated the work.

CCC, one the world's largest hacking groups, posted a video on its website that appeared to show somebody accessing an iPhone 5S with a fabricated print.

The site described how members of its biometrics team had cracked the new fingerprint reader, one of the few major high-tech features added to the latest version of the iPhone.

The group said they targeted Touch ID to knock down reports about its "marvels," which suggested it would be difficult to crack.

"Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fakefingers out of lifted prints," a hacker named Starbug was quoted as saying on the CCC's site.

The group said it defeated Touch ID by photographing the fingerprint of an iPhone's user, then printing it on to a transparent sheet, which it used to create a mold for a "fakefinger."

CCC said similar processes have been used to crack "the vast majority" of fingerprint sensors on the market.

Touch ID, which was only introduced on the top-of-the-line iPhone 5S, lets users unlock their devices or make purchases on iTunes by simply pressing their finger on the home button. It uses a sapphire crystal sensor embedded in the button. Data used for verification is encrypted and stored in a secure enclave of the phone's A7 processor chip.