Apple Touch ID fingerprint tech 'broken', hackers say

  • Published
Journalist testing Touch ID unlock function
Image caption,

Apple says its Touch ID fingerprint recognition system provides a "very high level of security".

Hackers claim to have broken Apple's iPhone 5S Touch ID fingerprint recognition system just a day after the phone was launched.

Germany's Chaos Computer Club claims, external it "successfully bypassed the biometric security of Apple's Touch ID using easy everyday means".

By photographing a fingerprint left on a glass surface and creating a fake finger they were able to unlock the phone, the hackers claim.

But Apple maintains, external Touch ID is secure.

On its website the iPhone maker says there is a one in 50,000 chance of two separate fingerprints being alike and the technology provides "a very high level of security".

Karsten Nohl, chief scientist at SRLabs, a German hacking think tank, told the BBC: "It would have been incredible if Apple had managed to do something the rest of the biometrics industry has failed to achieve after decades of trying, so I'm not surprised it was hacked after just one day.

"Claiming this system offers a high level of security is just ridiculous," he added.

Convenience

Apple does not suggest that Touch ID is a total replacement for traditional passcode security, simply a more convenient way of unlocking the phone.

Image caption,

The Chaos Computer Club believes fingerprint biometrics "should be avoided"

"Touch ID is designed to minimise the input of your passcode; but your passcode will be needed for additional security validation," Apple says.

But it does not address the ability of hackers lifting individual prints and creating fake fingers, as the Chaos Computer Club claims to have done.

Mr Nohl says a five-digit password would be more secure than a fingerprint and believes Apple should have focused on convenience rather than security in its marketing of the Touch ID feature.

On Friday, an influential US senator called for Apple to answer "substantial privacy questions" arising from the technology.

Apple did not respond to the BBC's request for a comment.