iPhone 5S Fingerprint Sensor Fooled by German Hacker Group
A hacker named 'Star Bug' says he breached Apple's newest security measure.
Sept. 23, 2013— -- A hacking group in Germany is claiming to have fooled the iPhone 5S fingerprint sensor and software, known as Touch ID, less than 48 hours after the new iPhone's release.
The Chaos Computer Club (CCC) posted about their achievement on Sept. 21, along with an accompanying video.
The hacker filmed in the video goes by the nickname "Star Bug." Dirk Engling, a spokesperson for the CCC, said that what Star Bug has done wasn't particularly challenging, even for a non-professional hacker. "The CCC published everything that you would need to fool a fingerprint sensor 10 years ago," he told ABC News. "Really, the hardest part was to get our hands on an iPhone 5S because it was sold out."
Robert Graham, one of the co-creators of the site istouchidhacketyet.com, said that he shouldn't have been surprised in retrospect. "The only thing that's different is that Apple increased the resolution of the fingerprint scanner," he said. The website has accumulated a bounty of over $10,000 for the first person to hack Touch ID, not including the $10,000 pledge of one donor who recently withdrew the offer.
Apple did not respond to ABC News' requests for comment regarding Star Bug's video or Graham's website.
Engling said that there were no other Touch ID profiles stored on the device filmed in the video. After Star Bug set up a Touch ID profile on the iPhone 5S using his index finger, he applies a thin film etched with the index fingerprint to his middle finger. Even though the middle finger is not associated with a user profile, it is also able to unlock the phone by masquerading as the index finger.
Granted, the average iPhone thief may not want to make the investment in equipment for something they could get for $200 from Apple stores. However, Graham said that just because it's a lot of trouble for one person doesn't mean that it will be trouble for all people. "If you're a professional iPhone thief or even the government or police, once you have the equipment, you can do it," he said.
Graham's website officially recognizes the CCC as being first to hack Touch ID. However, they are still waiting for video showing how they lifted the fingerprint.
Engling said that while Star Bug is probably working as quick as he can, Graham should take into consideration that this isn't how he makes his living. "We all still have day jobs," said Engling. "But we will submit another video today to them. Maybe we'll hear back from [istouchidhackedyet.com] tomorrow."