Monday, September 23, 2013

Cracks in Cracking the iPhone 5S Fingerprint Technology


After the iPhone 5S was announced, people started asking questions about the fingerprint scanner and whether it could read severed fingers.

The security experts quickly weighed in after the release of the device:
“The [RF capacitive sensor] technology is built in a way that the [fingerprint] image has to be taken from a live finger,” says Sebastien Taveau, chief technology officer at Validity Sensors, a California based provider of fingerprint sensor solutions. “No one in biometrics wants to talk about cut fingers and dead bodies, but at the end of the day we are still asked to remove the fears of consumer and make sure that they understand that [a severed finger] will not work.”

Other experts weighed in with this: 
"For reference, the Touch ID scanner uses two methods to identify a user's fingerprint: a capacitive sensor that is activated by the small electrical current that runs through your skin, used by most smartphone touchscreens (and, one would think, at least partially blocked by a layer of non-conductive latex or glue), and a radio frequency sensor that reads the sub-epidermal layers of skin."

So, to recap - According to those sources, it's using radio frequency (RF) sensor technology to read under the fingerprint, not a visual scanner to "look" at a fingerprint.

Now, the CCC claims it can bypass this security using a lifted fingerprint.  
(source: http://www.theregister.co.uk/2013/09/22/iphone_5_touchid_broken_by_chaos_computer_club/

In short, they claim this method works:
  • Photograph a fingerprint.
  • Clean up the image, invert it and laser print with 1200 dpi on to transparent sheet with a thick toner setting. 
  • Pink latex milk or white wood glue is smeared into the pattern created by the toner on to the transparent sheet. 
  • After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed on to the sensor to unlock the phone.


Two things don't make sense here: 
1.  Latex is non-conductive. That knocks out the capacitative sensor that tells the RF sensor to start scanning.
2.  The sub-epidermal layer theory now doesn't hold true.

The most interesting thing now to see whether this is fake or not, is to see whether the CCC claims one of the prizes that are allocated to the first person/group that can prove the iPhone is crackable in this sense.

Until then, I can only surmise that someone is lying about the facts here.