Chaos Computer Club hackers trick Apple’s TouchID security feature

Germany's Chaos Computing Club claims to have tricked Apple's new TouchID security feature this weekend. In a blog post on the breakthrough, the CCC writes that they bypassed the fingerprint-reader by simply starting with "the fingerprint of the phone user photographed from a glass surface."

The entire process is documented by hacker Starbug in the video above, and the club outlines it in a how-to. For this particular initiative, the CCC started by photographing a fingerprint with 2400 dpi. Next the image was inverted and laser printed at 1200 dpi. To create the fingerprint mask Starbug finally used, latex milk was poured into the pattern, eventually lifted, breathed on (for moisture), and pushed onto the sensor to unlock the phone. In this sense, it's hard to definitively state the hackers "broke" the TouchID precautions, because they did not circumvent the security measure without access to the fingerprint. (TouchID could similarly be cleared with a GTA V-like strategy of knocking the phone user unconscious and pressing finger-to-sensor.) However, the CCC did successfully trick TouchID into working as advertised for an individual who wasn't the phone user.

The CCC, and Starbug in particular, are well-known critics of biometric security systems. Back in 2008, Starbug even cloned the fingerprint of a German politician who advocated for collecting citizens' unique physical characteristics as a means of preventing terrorism.

Read 3 remaining paragraphs | Comments


Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)

Original release date: September 22, 2013 | Last revised: September 23, 2013

Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager (DCNM). These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected device. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.

Cisco has released software updates to address the following vulnerabilities:


US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates to help mitigate the risk.

This product is provided subject to this Notification and this Privacy & Use policy.