This hack is child’s play. Apple iPhone biometrics security beaten by a simple play-doh trick
A Chinese embedded optical fingerprint company has demonstrated the fundamental weakness of securing any device using a biometric fingerprint.
Vkansee used plasticine or play-doh, commonly found in most kids bedrooms, to unlock an Apple iPhone.
Apple uses a fingerprint reader with its latest iPhone devices, which allows the user to unlock their phones by simply placing their fingerprint onto the reader, rather than entering a four-digit passcode.
Jason Chaikin, president of Vkansee, created a mould of his fingerprint, then transferred that to a small piece of play-doh. The play-doh sporting the fingerprint was then placed on the iPhone’s fingerprint scanner, which then unlocked the device.
The problem at the moment, Chaikin told CNBC, is that the biometrics are too simple. He cited an example from 2014 of a hacker who managed to take a high resolution picture of German Defense Minister Ursula von der Leyen’s finger, and reverse engineer that to unlock her phone.
The Vkansee president also demonstrated the firm’s patented fingerprint sensor that sits under the glass of a phone. It seems that at the smartphone makers have to cut a hole in the device to put in the sensor.
“The demand for under glass scanning that’s resistant to hacking is the number one thing that we hear from the device makers,” Chaikin told CNBC during an interview at the Mobile World Congress (MWC) in Barcelona.
Vkansee is working on a much more sensitive fingerprint sensor that is able to pick up much greater detail on a person’s finger, such as the thickness of the ridges on a finger or the pores of the skin.
Experts have long questioned the advisability of using fingerprints to secure a mobile device. Indeed, back in September 2014, mobile security firm Lookout warned iPhones could be hacked with a fake fingerprint.
There have also been number of reported issues with Apple’s TouchID fingerprint system, which has been the subject of several high-profile security attacks. For example, a couple of years ago researchers from Security Research Labs (SRLabs) re-used a fingerprint mould from their exploitation of the Apple iPhone 5S in 2013, which required “no additional effort whatsoever”.
And Last August FireEye warned that attackers could hijack fingerprint-protected transactions and harvest fingerprints from mobile devices,
Apple is rumoured to be looking at facial recognition technology to secure the iPhone 7.
It should be noted that Microsoft’s latest Lumia smartphones already include support for facial recognition, as part of its Windows Hello software.
Are you a smartphone expert? Take our quiz here!