In this short blog post I will present you why alphanumeric password is much more secure than using biometrics. At my home, as a totally n00b, I was able to clone my finger that bypassed TouchID. To be honest in my case, effectiveness was about 10%-15% - but like I wrote before, it was my first time and I didn't have any professional tools.
Before I start, I want to credit Łukasz Bobrek & Paweł Kuryłowicz from SecuRing that showed me their research. These guys compiled the knowledge from iPhone 5s Touch ID hack in detail and much of time spent on trials and failures, to create the Half-blood Prince's textbook. 😉
1. Scan your fingerprint
(that is a fake finger, not mine - dont' worry ;-))
2. Revert it and remove the noise
3. Print the finger on the tracing paper
4. Cut some PCB
5. Expose the printed fingerprint to PCB
6. Immerse the PCB in a photo etcher
... and wait for about 1 hour
7. Dry it and immerse in the Na2S2O8 solution
8. Dry the PCB again and apply the graphite coating
9. Apply wood glue
10. Wait 24h and peel the fake finger!