Skip to main content

Touch ID hackers attempt to take things to next level, no need for physical fingerprint

The hacker who successfully used a fingerprint captured from an iPhone to fool Touch ID now believes it may be possible to perform the same hack without needing access to a physical fingerprint. Speaking at this year’s Chaos Computer Club convention, Jan Krissler – who uses the alias Starbug – demonstrated how a fingerprint can be generated from a series of ordinary photographs of someone’s finger … 

VentureBeat reports that he demonstrated the capability by photographing the thumb of German Defense Minister Ursula von der Leyen, using this to generate a fingerprint …

Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.

It’s worth noting that at this point, Krissler has not yet demonstrated an ability to combine the two approaches by using a photographed fingerprint to fool Touch ID, and that even if he is able to do so, the attack method is non-trivial. Last year’s video demonstrating the approach showed that it required 30 hours of work to pull off the first time, and would likely take several hours subsequently.

As we noted last time, the hack requires a considerable amount of time, effort, skill and equipment, and is not something the average iPhone user need be too concerned about.

Tests performed using the hack showed that while it still worked on the iPhone 6, Apple had improved both the security and reliability of the sensor in the new models.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. 89p13 - 9 years ago

    Well, if Sony had a Touch ID – you could take a photograph of someone’s fingers from 40 feet away and just flash the photo at the Sony sensor – and be granted access.

    Seriously – I’m not worried about this “breach” of the Apple Touch ID. I don’t think there’s anything worth all that work on my iDevices.

    • Ben Lovejoy - 9 years ago

      Exactly, that’s the thing: that kind of work would only be justified with a worthwhile target, like the CEO of a startup. It’s not something most of us need worry about.

      • Ben, even if you did target a high profile person… you would need to get close enough (you couldn’t get a sharp enough photo of fingerprints using a telephoto lens) to take a macro photo of the person’s finger tips… and even THEN, you would have to ask the person not to move his/her fingers while you focus at close range.

        In other words, this “claim” is as ridiculous as it sounds.

        It would actually be EASIER (starting facetiousness) to kidnap that person, tie them to a chair, make sure they had their iPhone with them, and then forcibly press their thumb to the Touch ID on their iPhone.

        (͡° ͜ʖ°)

      • Ben Lovejoy - 9 years ago

        I can’t see any reason in principle why a telephoto lens couldn’t be used – if you are within say ten feet or thereabouts (eg. at a news conference), that should allow sufficient detail – but I’ll wait for them to demonstrate that the images obtained this way do the job.

      • “I can’t see any reason in principle why a telephoto lens couldn’t be used – if you are within say ten feet”

        Ben, you may be right… But I have yet to see anyone, with any telephoto lens, that can get enough detail of a person’s fingerprints from ten feet away, comparable to a good macro lens at a few inches away.

        Remember that a hand-held camera (or even on a tripod) has some movement which would make a “macro” image at ten feet away almost impossible.

        The other conditions would also need to be PERFECT. The lighting on the finger tips would need to be optimal to clearly define the fingerprint. And the person whose finger tips you are shooting, would need to keep those fingers still long enough, and at the correct angle, to get a reasonable shot.

      • Ben Lovejoy - 9 years ago

        It will never match a macro lens for sure, but it’s amazing the detail you can pull from a good telephoto lens. Generally speaking, 1/125th is enough to freeze normal movement, and the rule of thumb to eliminate camera-shake is 1/focal length, eg. 1/200th for a 200mm lens.

      • There is a good article that discusses getting “Near-Macro Photography with a Telephoto Lens”:
        http://digital-photography-school.com/6-tips-for-near-macro-photography-with-a-telephoto-lens/

        But the article talks about “working distance to the subject is in the region of 1 metre” for the telephoto lens shots, which closer than any photographer would get to a subject’s finger tips.

        Even still, the article does mention some problems at this short distance:

        “Due to the extreme focal length, the risk of reduced sharpness due to camera shake is higher.”
        “Even on a tripod, images can still suffer from camera shake.”
        “Using extreme focal lengths at such close distances [with a telephoto lens] can reduce the depth of field to fractions of a millimetre.”
        “Ensure your subject is parallel to the sensor.”
        “Increasing the focal length in this way will have consequences on your choice of shutter speed and aperture”

        The article ends with: “Using a telephoto lens for near-macro photography [at 1 meter distance] will typically not allow you to magnify your subject as far as if using a dedicated macro lens”.

        Although Mr. Krissler has his “theory”, he clearly has no understanding of photography, or how implausible it would be to actually take photos of fingerprints at a distance.

      • Ben Lovejoy - 9 years ago

        Yeah, I’m not sure whether pseudo-macro photography is needed. For example, look at some of the fine detail you see in things like bird feathers shot at a distance. All comes down to the resolution required, and until we see him actually follow through to fooling the sensor, we won’t know that for sure.

  2. “…along with photographs taken from different angles to get an image of the complete fingerprint.”

    So as long as I stay away from people that want to take hi-resolution photos of my thumb or index finger from different angles, and likely all close-ups, I’m okay.

    Got it.

    Considering how often the average person checks their phone the likelihood that someone wouldn’t notice their phone is missing is near impossible. Maybe if they’re drunk but I’d wager that most people would notice their phone missing before their wallet/purse.

  3. greenbelt2csp - 9 years ago

    Read the source material. It’s a Theory that it can unlock an iPhone. They haven’t actually been able to do it.

    • Ben Lovejoy - 9 years ago

      No need to refer to the source material for that. I wrote: “It’s worth noting that at this point, Krissler has not yet demonstrated an ability to combine the two approaches by using a photographed fingerprint to fool Touch ID”

  4. Taste_of_Apple - 9 years ago

    Yikes. Scary stuff – even if most of us have nothing to really worry about.

    • Edison Wrzosek - 9 years ago

      It’s actually not scary in the slightest, because this is all theoretical at present, as the guy hasn’t even been able to prove this theory as plausible and executable in reality. This guy is just looking for his 10 minutes of fame, nothing more…

  5. drhalftone - 9 years ago

    Dear Ben, Good job researching your subject. Had you done a simple web search for the terms, “noncontact fingerprint capture,” you would have found a ton a links to academic research as well as commercial products that claim to do exactly the same thing. As a matter of fact, search for the phrase, “fast fingerprint capture program,” and you will find links the National Institutes of Justice (NIJ) as well as the National Institutes for Standards and Technology (NIST), and you can read about a government funded project that kicked off in 2004 (that’s ten years ago) to do exactly that Krissler did which was to acquire fingerprints that would be backwards compatible with the existing FBI fingerprint database.

  6. drhalftone - 9 years ago

    Here is another great article from May of 2008 (more than six years ago):

    http://www.photonics.com/Article.aspx?PID=5&VID=22&IID=153&AID=33533

    that describes capturing fingerprints with a camera from 30 inches away. You’re probably wondering why we would want to capture fingerprints from 30 inches. It has to do with deadly viruses that can be passed using touch sensors at ID checkpoints at international airports. You know, they don’t clean those things very often.

    • Ben Lovejoy - 9 years ago

      Again, very different to a capture with the potential to fool Touch ID.

      • drhalftone - 9 years ago

        Actually, I think its easier than you think. Just because Krissler hasn’t done in yet. Here is what I would do. I would use a UV inkjet printer, like Mutoh’s ValueJet 426UF, to print the extracted fingerprint from photographs onto a latex glove. I would then put the latex glove on my hand and use it like I would my naked finger.

      • Ben Lovejoy - 9 years ago

        Go for it :-)

  7. CV (@jonews45) - 9 years ago

    I thought Touch ID read more than just a person’s fingerprint; it essentially takes a high-res picture of sub-epidermal layers of your skin. Is it just reading the fingerprint?

    • Ben Lovejoy - 9 years ago

      It needs the sub-epidural layers to be present, but can be fooled by overlaying a fake fingerprint onto a real finger – that is how the original hack was performed.

  8. Leif Paul Ashley - 9 years ago

    These hacks are bullshit… that’s literally the only word that comes to mind. Any developer that knows how the fingerprint is protected knows how insanely difficult it is to access it.

    That’s why the FBI is requesting access from Apple.

    Now if you cut off someone’s thumb, is that Apple’s fault for an “unsecured” iPhone?

    • Ben Lovejoy - 9 years ago

      The original hack has been proven and replicated. The question here is whether a fingerprint generated from a photo could work as the source.

  9. Julian Velasquez - 9 years ago

    Let’s all just start posting finger selfies online for others to steal… Seems legit.

  10. airmanchairman - 9 years ago

    To be forewarned is to be forearmed.

    From now on we we should all, for our security, remember the wise dictates of the famous rock song by the Georgia Satellites: “Don’t you give me no more lies and keep your hands to yourself!”

    Seasons’ Greetings, y’all…

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear