Just three days after the release of Apple’s new iPhone 5s, which boasted a fingerprint scanner, a group of hackers in Germany had posted a video online showing how easily they could crack it: They scanned a fingerprint left on a glass iPhone screen, fabricated a membrane, pressed it on the phone, and got inside.
Breaking into the iPhone 5s should also be a relatively simple matter for hackers in China, given the prevalence of fake fingerprint kits there and how easy they are to use. Fingerprint membrane kits have become extremely popular on the Internet recently, especially over the national holidays that went for a week, ending on Oct. 7.
In China, faked fingerprints can be used not only to get inside iPhones, but also to cheat attendance at the workplace: in many places around China, fingerprint scanning machines have taken the place of punch cards for registering attendance at work, to prevent colleagues from punching one anothers’ cards. Now the new machines can be easily circumvented.
Over 100 online stores sell fingerprint membrane makers, according to a search of Baidu, China’s biggest Internet browser. Over the last month, some of the stores have sold 10 times what they used to, according to a report in Legal Evening News, a state-affiliated news outlet.
“Sleep well. Let me help you punch your card,” says one of the fingerprint kits to a sleeping worker in a comic advertisement on the website of a company that sells the items. One of the kits — which consists of an ink-blotter like pad for making an impression, plus some gel for taking a fine mold — costs $16 including shipping. If it doesn’t work, the seller will give a full refund.
A Legal Evening News reporter ordered a 45 yuan ($7.35) fingerprint kit, whipped up a fake print, and fooled the attendance machine within two hours.
Unsurprisingly, fake fingerprints have also been used for criminal activities in China. A case of extortion using faked fingerprint was recorded in the south of the country in 2010, according to Jingling Evening News, a newspaper in Nanjing.
Sometimes fingerprint exchanges can backfire. According to an anecdote provided by Legal Evening News, a secretary in Yangzhou City, Jiangsu Province, entrusted her fingerprint to a colleague who would falsely record her attendance. The colleague then broken into the secretary’s computer using the fingerprint, and found highly compromising photographs of the secretary with the company’s general manager. She extorted 15,000 yuan ($2,450), the article said.