In this short blog post, I will present to you why the alphanumeric password is much more secure than using biometrics. At my home, as a total n00b, I was able to clone my finger that bypassed TouchID. To be honest in my case, effectiveness was about 10%-15% - but like I wrote before, it was my first time, and I didn’t have any professional tools. Before I start, I want to credit Łukasz Bobrek & Paweł Kuryłowicz from SecuRing that showed me their research. These guys compiled the knowledge from iPhone 5s Touch ID hack in detail and much of the time spent on trials and failures, to create the Half-blood Prince’s textbook. 😉

1. Scan your fingerprint

(that is a fake finger, not mine - dont’ worry ;-)) fingerprint1

2. Revert it and remove the noise


3. Print the finger on the tracing paper


4. Cut some PCB


5. Expose the printed fingerprint to PCB


6. Immerse the PCB in a photo etcher

… and wait for about 1 hour IMG_5492

7. Dry it and immerse in the Na2S2O8 solution


8. Dry the PCB again and apply the graphite coating


9. Apply wood glue


10. Wait 24h and peel the fake finger!



Update #1

The story was also featured in: