
Dmunjal

macrumors 68000
Jun 20, 2010
1,533
1,542
A thief who doesn't have something as common as a combo scanner/printer (about $70 at Staples, or $30 used, or free if stolen) and a computer, could just turn around and quickly sell the phone to someone who does.

Or not. As you said, most thieves don't give a hoot about breaking into the phone. They just want to resell it before it gets remotely locked down.

The scanner was not meant to be tightly secure. It was meant to be a convenience unlock feature. As you said, it's better than no or simple passcodes, which is pretty common.

Think about corporate provided phones with email access. Imagine someone getting Tim Cook's iPhone and hacking his fingerprint? I bet most corporations will require a passcode along with a fingerprint.
 

furi0usbee

macrumors 68000
Jul 11, 2008
1,790
1,382
One interesting scenario that hasn't been discussed is law enforcement. I've read (I'm not from the US so forgive my ignorance of US laws) that they cannot force you to unlock your phone but with TouchID, don't they already have your prints and can't they just make a replica of it and unlock your phone? Would that be legal?

Well, law enforcement would need a court order and have to do it within the 48 hour window before a passcode would be required. Any evidence found in an unlawful search/seizure could/would be ruled inadmissible in a court of law, but it may give them enough info to find other evidence, legally, if you committed some crime. But if Apple gives up the goods on you, you have no chance.

----------

Think about corporate provided phones with email access. Imagine someone getting Tim Cook's iPhone and hacking his fingerprint? I bet most corporations will require a passcode along with a fingerprint.

MacGyver figured out all of this in the 80s...

Fire and Ice (3x05)

MacGyver opens a vault and steals back some diamonds first dusting the buttons for fingerprints with graphite from a pencil. The vault has a three-digit combination with unique digits and six buttons. The dusting narrows down the 120 combinations to 6 and the vault is easily opened. He then neatly gets the diamonds in a small bag using a paper as a funnel. (31.30) "Math and science do prove useful."
 

jamatfu

macrumors newbie
Jul 22, 2010
3
0
He used the same finger with the print on it to demo the "hack" - that doesn't seem very convincing. Apple described it as not reading surface topography but rather reading deeper, so a picture of your fingerprint on the same finger doesn't seem like a clear demonstration.
 

jon3543

macrumors 6502a
Sep 13, 2010
609
266
What about the guy who said I have a 1 in 40 shot of guessing a 4 digit passcode? LOL Math is fun.

No, Mattel had it right.

[Image: barbie-hates-math-518x274.png]
 

OrangeSVTguy

macrumors 601
Sep 16, 2007
4,127
69
Northeastern Ohio
What next, DNA scanners? Like when you do those glucose tests? Why not put a retina scanner on the front iSight camera? Call it a Retina iSight since we already have retina screens.
 

snebes

macrumors 6502a
Apr 20, 2008
810
713
It doesn't need any "fix"...

Nothing is unbreakable. The Mythbusters guys also bypassed top-notch fingerprint locks (see: http://www.youtube.com/watch?v=3Hji3kp_i9k), I'm pretty sure they could do that with the Touch ID too.

But as long as a perfect quality "sample" from your fingerprint is needed, I wouldn't call that a real danger.

I can't believe this took 277 posts on this thread to point out. I've known for years that fingerprints can be lifted and recreated on gel to beat fingerprint locks. Can't say when I learned it, but I figured it was common knowledge.

The worst part about this? iPhones are fingerprint magnets!

Personally, I'm still stoked about the idea of TouchID. No more having to put in my password again (for the most part). But if my phone gets stolen, I could care less. It'll be replaced and the data will be remote wiped in minutes of me figuring out it was taken.
 

spicynujac

macrumors 6502
May 24, 2012
253
74
This doesn't surprise me at all. In fact, I would suspect that a copy of a fingerprint would unlock a fingerprint scanner. Just like I'm sure you can fake the Android 'face recognition' lock with a photo of the face it is looking for.

Personally, I don't understand the need to lock a phone at all. There's private information on there, but it's not necessarily secret. And who lets a $700 phone out of their sight anyway? But for those who lock it, this is not in ANY way surprising to me. In fact if you would have asked me if the scanner would accept a facsimile of a fingerprint I would say "Of Course."

Total non-story.
 

furi0usbee

macrumors 68000
Jul 11, 2008
1,790
1,382
Not to change the subject.... wait, yes, to change the subject, I just tried Facetime Audio chat and wow, the sound quality is amazing! The carriers must love that. But I noticed I cannot set a facetime audio as a favorite. The carriers must have laid down the law on that one.
 

dan110

macrumors 6502a
Jul 13, 2013
604
1,075
'Merica
Why would ANY reasonable person believe that their smartphone fingerprint "doo dad" is hack proof?
 

avanpelt

macrumors 68030
Jun 2, 2010
2,956
3,877
No security is 100% reliable 100% of the time. None. If someone wants to access something that's secured badly enough and they have the resources to make it happen, they'll make it happen. No one said Touch ID was uncrackable.

However, Touch ID does seem to be more secure than entering a password -- which someone simply has to see with wandering eyes and remember. Plus, I firmly believe that Touch ID is aimed squarely at the folks who don't have any password on their device because they find entering a password dozens of times a day to be a pain. At the end of the day, a Touch ID-secured iPhone is unequivocally more secure than an iPhone with no password protection.
 

jinspin

macrumors newbie
Jul 23, 2008
12
0
It will be worthwhile for thieves to target rich people, corporate espionage and even celebrities like Paris Hilton to get their info. Especially if mobile transactions thru fingerprint security become mainstream, which is Apple's plan. Steal iPhone of rich person or Paris Hilton, lift fingerprint off Home button or glass screen, make mold - the thief is in and can go buy stuff online or sell sexy photos to National Enquirer.

The point is Apple touts Touch ID as secure to make people feel very comfortable just using TouchID when determined thieves and jealous spouses now have means of breaking in and getting at information like emails and photos and mobile transactions. That would be worth a lot to certain organizations and people.

Imagine if Samsung hacked into Timmy's iPhone this way and read his emails and future of Apple products. High profile or rich people would be big targets. But if you are nobody you are safe.
 

kdarling

macrumors P6
It isn't about just the printer, the thief also has to hold you down and take a 2400dpi picture of your finger.

That's what they used, but I don't think it was necessary. They did that to get a sharp 1200 DPI image.

Yet the Apple scanner is a standard 500 DPI sensor, which means it can only resolve a 250 DPI image (per the Nyquist theorem).

--

The question is, what kind of thief are people talking about?

  • If he's a grab and run type, then yeah, he'd have to hope that there's a latent print of your unlock finger somewhere on the phone that could be lifted, cleaned up, and sharpened with common photo tools.
  • If he's got a gun and some control over you, he can just ask you to unlock it right there and/or to touch your unlock finger onto a piece of tape he slaps on the back of the phone before he takes it and leaves.
  • If he's someone closer to you, or has someone to follow you around, then there's all sorts of opportunities to lift a print from something that you touched even before the phone was taken.

I think the conclusion that everyone is coming to, is that doing this to someone random isn't going to buy a common thief very much, at least as long as Apple doesn't allow the sensor to be used by apps or for shopping payments.

The worry is more about targeted victims. Rich. Famous. Government. Industrial. Military. Spouses. Business partners. Etc.

As I keep saying, it means you'd better trust whomever you fall asleep near, since only your finger is needed to unlock your phone. There's going to be a million TV shows with a female spy going through some sleeping guy's device.

If this demo turns out to be true, then it wouldn't be surprising if organizations put a ban on their employees enabling the fingerprint sensor. As I've said before, for real security, you want to use a combination of both the fingerprint reader AND a good passcode. Apple should put in such a mode.
 

furi0usbee

macrumors 68000
Jul 11, 2008
1,790
1,382
OMFG!!!!!!! This is straight from the CCC website. OMFG!!!!! The biometrics hacking team. Oh snap, I almost laughed up a spleen. You mean camera guy and shaky?

Chaos Computer Club breaks Apple TouchID

2013-09-21 22:04:00, frank
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided. more …
 

avanpelt

macrumors 68030
Jun 2, 2010
2,956
3,877
Personally, I don't understand the need to lock a phone at all. There's private information on there, but it's not necessarily secret. And who lets a $700 phone out of their sight anyway?

Using your logic, why would anyone with a substantial amount of money in their checking account have a PIN on their debit card? How could someone with a substantial amount of money possibly let their debit card fall into the wrong hands?!

Now, let's go back to the world we actually live in. Accidents happen. Phones fall out of pockets all the time. Thieves will see you walking down the street talking on your iPhone and literally rip it out of your hand and take off.

Maybe you don't see the need for PINs and passcodes, but I'll keep securing my devices the best ways I can.
 

Bahroo

macrumors 68000
Jul 21, 2012
1,860
2
It will be worthwhile for thieves to target rich people, corporate espionage and even celebrities like Paris Hilton to get their info. Especially if mobile transactions thru fingerprint security become mainstream, which is Apple's plan. Steal iPhone of rich person or Paris Hilton, lift fingerprint off Home button or glass screen, make mold - the thief is in and can go buy stuff online or sell sexy photos to National Enquirer.



The point is Apple touts Touch ID as secure to make people feel very comfortable just using TouchID when determined thieves and jealous spouses now have means of breaking in and getting at information like emails and photos and mobile transactions. That would be worth a lot to certain organizations and people.

So you're telling me Touch ID is now all of a sudden going to spur a "find famous people's fingerprints" spree and have thieves trying to do that starting now? No, it has been very doable to retrieve someone's fingerprints via surfaces for years if someone really wanted to do that. Someone could have taken a fingerprint years ago and have a molded finger already.

Should I have been paranoid starting years ago about leaving my fingerprints everywhere? No, well I don't know, it sounds like in your logic and thoughts that I should have been paranoid starting years ago... and fingerprint scanning tech and its implementation is still kind of in its infancy; within a few years I fully expect that there will be extreme measures to protect fingerprints, like (super advanced front cameras on smartphones that can detect someone's face with extreme accuracy and can't be fooled by a photo, etc., even in low light conditions, etc.)

There is nothing stopping thieves from retrieving famous people's fingerprints off surfaces today. The launch of Touch ID does not all of a sudden put a huge concern on leaving our fingerprints everywhere and that we should be "scared" to leave fingerprints around; it's not that hard to retrieve someone's fingerprints even non Touch ID related.

What's stopping people from trying to retrieve famous people's fingerprints now and saving it via extracting their fingerprints on the things they touched (if you can even find them and somehow do that), and a typical jealous spouse or anything cannot hack your phone because they won't even know what the **** they're doing :D

No but seriously you need like $1000 in equipment to do this though
 

donutbagel

macrumors 6502a
Jun 9, 2013
932
1
Yes, you and many others did read that. The trouble was, someone took the fact that it could read subdermal ridges, and mistakenly turned that around into a false requirement that there MUST BE subdermal ridges.

Bad logic.

The sensor is just a dumb antenna array. It doesn't know what kind of material it's reading the signal from. Could be human. Could be animal. Could be live. Could be dead. Could be Play-Doh or wood glue.

It only "sees" subdermal ridges if it's reading a finger. Otherwise, it "sees" whatever material is there. The image it builds up from the antennas, just has to match up within the range of what is acceptable to it.

Think of it this way: could you figure out a way to fool an X-ray into thinking it imaged a bone? Yeah, of course you could. Same principle. The X-ray machine itself has no idea what material you're using to cast the shadow.

Got it, thanks for the info. I had already been skeptical that a consumer-level fingerprint scanner was so tough to fool.
 

iGrip

macrumors 68000
Jul 1, 2010
1,626
0
You do realize that the fingerprints left behind have never been replicated so a reader would recognize them. They are made of oil and damage easily. A fingerprint analyst will look at 15-20 characteristics while a scanner will scan hundreds to thousands. Nor does a lifted print have anywhere near the DPI necessary to replicate.

Not to mention the complexity caused by the fact that you really need the mirror of the print to duplicate it.


You don't know what you are talking about. The fake print was made from a latent print left on a piece of glass. See http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid#.Uj9Bk6z0SqM.twitter and http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en
 

donutbagel

macrumors 6502a
Jun 9, 2013
932
1
Personally, I don't understand the need to lock a phone at all. There's private information on there, but it's not necessarily secret.

Some people have secret data. I used to not use a passcode, but I decided that I wanted my applications and system to save passwords and such (like VNC, Verizon, VPN, though I would be afraid to go near Ameritrade). So I put a complex passcode on there just to have the data encrypted.

The 4-digit code seems useless to me except to prevent childish friends from messing with you. They can still lock it for an hour anyway.
 

Bahroo

macrumors 68000
Jul 21, 2012
1,860
2
This doesn't surprise me at all. In fact, I would suspect that a copy of a fingerprint would unlock a fingerprint scanner. Just like I'm sure you can fake the Android 'face recognition' lock with a photo of the face it is looking for.

Personally, I don't understand the need to lock a phone at all. There's private information on there, but it's not necessarily secret. And who lets a $700 phone out of their sight anyway? But for those who lock it, this is not in ANY way surprising to me. In fact if you would have asked me if the scanner would accept a facsimile of a fingerprint I would say "Of Course."

Total non-story.


Some people HAVE secret information on there lol.. or very private information.. I'd feel extremely violated if I lost my phone and I had pictures of my wife butt naked or something... I don't have that on my phone but I have photos of family and stuff like that. I don't want my texts and photos and all that stuff in their hands... I never lost a phone so far but I know I'd feel extremely violated if it got stolen not protected with a password.

Which basically I really hate putting in passcodes/passwords every time I turn my phone screen on; that's why I think a fingerprint scanner is quite elegant and very easy and seamless and provides a pretty good level of security, although not completely foolproof... I'm not worried at all about losing my phone and having people try and get my fingerprints or something.

The real concern is about the encryption on the chip and whether thieves can actually retrieve and break the encryption and get your fingerprint off the SoC/chip. If there is a flaw in that and it can be hacked... well, that would be a disastrous epidemic.
 

donutbagel

macrumors 6502a
Jun 9, 2013
932
1
Some people HAVE secret information on there lol.. or very private information.. I'd feel extremely violated if I lost my phone and I had pictures of my wife butt naked or something... I don't have that on my phone but I have photos of family and stuff like that. I don't want my texts and photos and all that stuff in their hands... I never lost a phone so far but I know I'd feel extremely violated if it got stolen not protected with a password.

I'm pretty sure your phone would be wiped very quickly unless there was something they could actually use on there.
 

FrozenDarkness

macrumors 68000
Mar 21, 2009
1,728
969
I don't see how this is a big deal. Someone can also knock you out and use your fingers to unlock the phone.

While it's not hard to lift a fingerprint, it is difficult to lift it off your phone where you smudge your face oils, your finger oils all over it.
 