Tuesday, September 24, 2013 - 15:02

CCC circumvented Apple's TouchID on iPhone 5S

That was fast. I had expected that TouchID would last a little bit longer than under a week. Not necessarily because it's secure. I just hadn't expected anyone to give it a try. These systems aren't exactly exciting. But I guess Apple is a fame in its own.

The CCC team bypassed Apple's fingerprint system with a well known attack scheme they used before. An interesting fact as Apple's claims on TouchID would have suggested that this should not have been possible. 

Taking into account how TouchID is built I already wondered how that sensor is actually supposed to do what it's supposed to do. Apparently the trick is it doesn't.  Or maybe it's limited to the gold standard version... According to the team it's just a higher resolution scanner but other than that what you'd expect in a consumer device and in that form factor for under 1000 bucks. Here's Apple BS marketing video on TouchID. Below is the CCC's iPhone unboxing video hehe.

Here's the original article and here's a more generic explanation of the process.

I'm curious though. Did Mac&I know that Security provided the device for this blasphemy? ;-)

Add new comment

This form is protected by Google Recaptcha. By clicking here you agree to include Google Recaptcha for this session. The page will reload and the form will become avaiable.