The Chaos Computer Club claims to be able to bypass Apple’s new Touch ID fingerprint sensor with a photo of the original user’s fingerprint. The bypass is demonstrated in this short video:
The system is detailed in a how to which requires obtaining the original user’s fingerprint:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Apple’s new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor — though that is arguably even less secure than duplicating someone’s fingerprint.