He told ArsTechnica in an email that it turned out to be ‘way easier than expected. I thought it would take at least a week and some fancy hacking’. But it didn’t require anything.
In his interview with the publication, Starbug revealed that figuring out how to bypass the Touch ID authorization took 30 hours, but now that’s been discovered, it would only take about half an hour:
It took me nearly 30 hours from unpacking the iPhone to a [bypass] that worked reliably. With better preparation it would have taken approximately half an hour. I spent significantly more time trying to find out information on the technical specification of the sensor than I actually spent bypassing it.
I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial. The Touch ID is nevertheless a very reliable fingerprint system. However, users should only consider it an increase in convenience and not security.
This means Starbug is the winner of ‘Is The Touch ID hacked yet’ competition. He is donating the funds to Raumfahrtagentur.
