Security flaw in new iPhones: your finger

That didn’t take long.

The new iPhone with the fingerprint security system was just made available on Friday and by Saturday the Chaos Computer Club had already figured out how to break into it without the right finger.

The flaw, according to the group, is the phone face is already full of the user’s fingerprints.

First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet.

After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

“It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token”, said Frank Rieger, spokesperson of the CCC.