It certainly didn’t take long for Apple’s new iPhone 5s to be hacked. It seems it only took two days for a group of hackers known as the Chaos Computer Club (CCC) was able to beat the biometrics feature on the phone. Is this a problem? Maybe. Maybe not.
Biometrics is best defined as using your characteristics or traits to identify yourself. The most common use is for access control systems where you put your hand on a pad which identifies you by your fingerprints. On the new iPhone it is used as a way to identify the phone’s user and eliminates the need to enter a passcode to unlock the phone. According to CNet, this has been independently confirmed as having been successful.
In a video on the CCC website they show how they were able to do this. They took a picture of a fingerprint from a glass surface, transferred it onto a thin piece of film which was then put on a real finger and used to access the phone. This seems to be an awful lot of trouble to go through just to get into a phone.
First, in order for this hack to work you have to have a clean fingerprint to copy. The CCC used a fingerprint off a clean piece of glass, something which is rare to find, but not impossible. They then had to have the tools to be able to transfer this to a thin piece of film. After this they needed to have the actual phone belonging to the person whose fingerprint they had. After selling over 9 million phones in the first few days, this would seem to be an almost impossible task. What could be on someone’s phone that would be worth all this effort?
What this hack does do however is to show that biometrics may not be as safe as promised. If it can be defeated on a phone it could be defeated in other applications. Yes, it would be expensive but depending on what the end goal is it might be worth the trouble. How much money is in that bank vault? What is that information stored on that protected computer worth to someone? As the old saying goes “everything is worth something to someone.”
The CCC is a group of is Europe’s largest group of hackers. They are based in Germany. According to their website they “are providing information about technical and societal issues, such as surveillance, privacy, freedom of information, hacktivism, data security and many other interesting things around technology and hacking issues.” The group became famous when they hacked into one of Germany’s banking networks and transferred money to their accounts. They returned the money publicly the next day, but the point had been made.
The hack of the iPhone 5s shows that biometrics isn’t as safe as it is purported to be. It may not be worth the trouble to hack into a phone but it could be worth it to hack into something else.
Written by: Paul Roy