Since the release of the iPhone 5s, I have wanted to test something: trying to bypass Touch ID, the device's fingerprint reader. German hackers have done it before me (and better), but I still wanted to try.
So I decided to make a false fingerprint. This is actually quite trivial, as we shall see. I used a 2003 tutorial that requires little equipment.
A video of the result:
The idea is not to show that this technology is not secure: on the one hand because the reader's security is not directly involved, and on the other hand because we need direct access to a finger registered on the iPhone. What I show is that the reader of the iPhone 5s uses the same technology as other readers, and that the traditional flaws can be used against it.
You can create a fake finger, but in absolute terms it is useless: we can only start from a real fingerprint, one that has to be registered on the iPhone.
The method is quite simple. First, you need a hot glue gun (about 30 €) and a sheet of paper. We must put a little glue on a sheet, wait a few minutes for it to cool and put a finger in it. Careful, it’s hot …
Then you have to heat some food gelatin (here I used two sheets) in hot water (2 minutes in the microwave) and place the gelatin on the fingerprint. Finally, put the whole thing into the freezer for ten minutes to solidify everything.
Well, it’s over. The print works to unlock an iPhone. It is useless, but it’s funny.
If you didn’t lift the fingerprint from an artifact the user touched previously and create your fake fingerprint from the lifted print, this is a party trick just as the CCC one was.