[youtube]http://youtu.be/0mmDcq-2Fos[/youtube]
We already know that the system touch ID al iPhone 5S can be fooled by people with experience in forging fingerprints, and a video tutorial publicat during the last night on the internet details the whole procedure. Basically you need 1000$ equipment to process and create the fingerprint, but even if you do this, there is a chance that the system will not recognize it. Moreover, the person trying to cheat the system must have the correct fingerprint registered in touch ID, it must be complete, otherwise the system will reject it and will not do the unlocking.
I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial. The Touch ID is nevertheless a very reliable fingerprint system. However, users should only consider it an increase in convenience and not security. But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial. Hacking TouchID relies on a combination of skills, existing academic research and the patience of a Crime Scene Technician.
Although those who tricked the system managed to do it in just 30 hours, and the creator of the above video clip was amazed by the speed with which he achieved everything, the procedure is not simple and according to some, the skills of a criminal expert are needed to accomplish everything. The main problems are related to the impression lifting process which must be done using: an adhesive substance called cyanoacrylate vapor, impression lifting powder or adhesive tape for impression lifting. After picking up, the fingerprint must be photographed, edited and printed on a transparent film which is then transformed into a usable fingerprint using a laser printer.
Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don't forget you only get five attempts before TouchID rejects all fingerprints requiring a PIN code to unlock it. However, let's be clear, TouchID is unlikely to withstand a targeted attack. A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn't a threat that many of us face.
This extremely complicated procedure and the fact that Apple uses the fingerprint reader to record a high-resolution image of the sub-epidermal layers of the finger will deter many from trying to fool Touch ID, but even a fake fingerprint , correctly raised, could be rejected.
