Starbug of the ‘Chaos Computer Club’ has posted a video that demonstrates how he was able to bypass Apple’s Touch ID fingerprint sensor using a fake finger.
It “was way easier than expected,” Starbug told ArsTechnica in an e-mail. “I thought it would take at least a week and some fancy chip/bus hacking.” It didn’t require either.
In an interview with Ars, Starbug told the site that figuring out how to beat the system took 30 hours; however, now that it’s figured out, the process would take about half an hour.
It took me nearly 30 hours from unpacking the iPhone to a [bypass] that worked reliably. With better preparation it would have taken approximately half an hour. I spent significantly more time trying to find out information on the technical specification of the sensor than I actually spent bypassing it.
I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial. The Touch ID is nevertheless a very reliable fingerprint system. However, users should only consider it an increase in convenience and not security.
Starbug has won the Is Touch ID Hacked Yet competition and is donating the pledged funds to Raumfahrtagentur, a spinoff from CCC-Berlin.