(Phys.org) —A biometric hacking team known as Chaos Computer Club (CCC), has posted on its website, what it claims is an easy way to access an iPhone equipped with Apple's new Touch ID fingerprint scanning security system. The new technology allows users to unlock their phone by pressing their finger against the "home" button. The "hack" involves photographing a user's fingerprint, printing it on a laser printer, then using a filler to create a fake rubber-like fingertip with the user's fingerprint on it.
With the introduction of the lastest iPhone, the 5s, Apple has also introduced a new way to allow users to access their phones after it's been locked—using just their finger tips. It's easier than typing in a pin number and Apple has been claiming in ads, the fingerprint scanning technology is "highly" secure. That claim now appears to be in doubt as CCC demonstrates that a hacker willing to go to extreme lengths to unlock someone's iPhone, can do so, with a minimum amount of effort.
More specifically, CCC claims that to "hack" the phone, all a person needs to do is obtain the true owner's fingerprint on a pane of glass (they don't say if the phone screen itself can be used.) That fingerprint is photographed with a high resolution (2400 dpi) camera, cleaned up and inverted (presumably with PhotoShop) and then printed using a high resolution (1200 dpi) laser printer with the toner set to print thick. Next, liquid latex is poured into the printout and once dry is peeled off. The result is a rubber-like facsimile of the original user's fingertip, complete with an accurate representation of the fingerprint. When pressed against the home button on the iPhone, the phone recognizes it as the real McCoy and allows entry.
The technique wasn't discovered by the CCC of course, it's been used by other groups to circumvent other finger scanning devices, but it is apparently effective as a means to circumvent Apple's latest security system. There is one caveat—Apple's OS doesn't allow the phone to be unlocked with a fingerprint if the phone hasn't been active in the past 48 hours, or if it's been reset, thus, the hack won't work if the hackers take too long with their efforts.
Explore further: Ear-check via phone can ease path to diagnosis