Security Researchers Detail New Combination of Touch ID and iOS 7 Security Feature Bypasses

MacRumors · Oct 4, 2013

Berlin-based Security Research Labs has detailed various exploits within the iPhone 5s' Touch ID security feature and iOS 7 that allow would-be criminals to bypass the device's security features, reports Reuters.

The method for bypassing the Touch ID security feature found on the iPhone 5s is very similar to the one used by the Chaos Computer Club, which also claimed to hack Touch ID earlier this month. A video posted on the group's website shows how Touch ID can be bypassed using information gathered from fingerprints left on the victim's phone display, demonstrating that a photo taken with the iPhone 4s can be used for developing a mold.

Aside from any future changes Apple may make to increase security, users can already prevent the simple bypass of the Remote Wipe feature by turning off access to Control Center from the lock screen.

iOS 7 has recently been the subject of much praise by security officials, including the New York Police Department, which passed out flyers in New York City recommending users to update to iOS 7, along with government officials who have praised iOS 7's Activation Lock. Meanwhile, Touch ID has been the subject of much scrutiny since its release, with U.S. Senator Al Franken sending a letter to Tim Cook asking a number of questions about the security of the system and the exact fingerprint storage process. Apple has also published an extensive knowledge base article about the benefits of the Touch ID system to alleviate some consumer concerns.

Article Link: Security Researchers Detail New Combination of Touch ID and iOS 7 Security Feature Bypasses

Afbar1114 · Oct 4, 2013

It seems like way to many steps to do this. Also instead of posting this all over the net so people can now hack phones. why not tell apple send them the video instead..

edit:
Who the heck has a copper printer sitting around?

dragje · Oct 4, 2013

Afbar1114 said:
It seems like way to many steps to do this. Also instead of posting this all over the net so people can now hack phones.

Makes it even more high priority for Apple to do something about it. But guess what? Apple won't do anything about this. Simply to expensive to withdraw it's entire production process only to come up with a hardware by-pass to deal with this. And why should Apple do something about it to begin with? The video clearly mentioned that of all the fingerprint technology out there most, if not all, devices where able to be hacked.

There is no such thing as 100% secured safety.

why not tell apple send them the video instead..

Why should they? I'm sure one of Apple's employees reads MacRumors.

edit:
Who the heck has a copper printer sitting around?

People who like to hack iPhone fingerprint sensor, quite obviously.

Technarchy · Oct 4, 2013

So far it looks like Touch ID is a pain in the ass to bypass.

furi0usbee · Oct 4, 2013

First comments from the NSA: Parlor tricks.

Anyone with a sane mind knows that with enough money + technology pretty much anything is hackable. All these videos do is show that companies need to try and at least keep up with the tech. There is nothing Apple or any company can do to prevent people with all this stuff in their spare room from hacking a fingerprint.

Newsflash to all the haters. If someone gets your phone in their hands and is skilled, it doesn't matter what type of security you have. All Apple has to do is make it totally unreasonable for 90% of all iPhone thieves to even attempt to steal your phone as it will be unusable.

Just imagine the "toys" the NSA has for doing stuff like this???

Will do good · Oct 4, 2013

A gun to the person would work just as well.

technowar · Oct 4, 2013

After you bypass the 'stolen' iPhone, there's no way you could use it anyway - because of Find My iPhone.

kevdyas · Oct 4, 2013

Alternatively, if the thief gets the iPhone before the pass code delay kicks in and the e-mail account is equally setup on the device is to reset the password via an e-mail link for iCloud and hey presto! switch off Find my iPhone!

j_maddison · Oct 4, 2013

There's a lot of assumptions in this video

If someone stole your phone, I'm pretty sure in that hour or more from them running away down the high street you'd carry out more steps than logging into find my iPhone. You'd call your network to get your Sim card barred to start with, so no SMS messages could fly onto the phone, and I'm pretty sure that common sense would kick in and you'd chance your passwords for your e mail addresses, and any other services that were on your phone.

caliguy · Oct 4, 2013

I want to see them bypass the sensor with "real world" fingerprints. Take the iPhone sitting on my desk and lift one of those smudges...

Beautyspin · Oct 4, 2013

Anonymous: Apple's Touch ID Is Deliberately Insecure

Anonymous has made a claim that once again strikes at the heart of security in the digital age. At issue is Apples new Touch ID, which brings fingerprint authentication to the iPhone for the first time.

According to the group, which released the video shown below, Apple has worked very closely with U.S. government agencies and surveillance groups to bring Touch ID to market. As proof, they note that former AuthenTec director Robert E. Grady played a central role in the George W. Bush administration, and was also connected with The Carlyle Group.

Grady is currently a Managing Director at Cheyenne Capital, a $500 million private equity fund. Prior to this, he did work for AuthenTec and at other properties owned by The Carlyle Group.

Apple acquired AuthenTec in 2012 for $356 million. Its fingerprint technology is likely what powers Touch ID.

http://appadvice.com/appnn/2013/10/anonymous-apples-touch-id-is-deliberately-insecure

mrjr101 · Oct 4, 2013

technowar said:
After you bypass the 'stolen' iPhone, there's no way you could use it anyway - because of Find My iPhone.

Exactly, this is all bs. One thing is to help Apple, another thing is to tell them what they should be doing with their design. How dare these clowns tell Apple to take some features off the lock screen. No thanks, this is just fine the way it is. There is always Find My iPhone.

Iampr · Oct 4, 2013

Why not just set a restriction (Settings | General | Restrictions) on making changes to accounts? Then the find my iPhone can't be turned off without knowing an additional 4 digit code

Slim02 · Oct 4, 2013

Well people stop calling the bypass a damn hack.. It is not a hack because there is nothing being hack...

technowar · Oct 4, 2013

Iampr said:
Why not just set a restriction (Settings | General | Restrictions) on making changes to accounts? Then the find my iPhone can't be turned off without knowing an additional 4 digit code

Can you walk us through this?

jonasdamn · Oct 4, 2013

technowar said:
After you bypass the 'stolen' iPhone, there's no way you could use it anyway - because of Find My iPhone.

emmm have you looked full video? because he managed to reset victims email and disable find my iphone?
Good to see that people try to bypass somehow Apple security mechanism and Apple could later improve those holes

Ironman226 · Oct 4, 2013

Hide From GPS With This Signal-Blocking Phone Case

the guy in video propose to disable an access to control center on locked screen to avoid blocking radio signals (gps,cellular, wifi) but it's not a solution because a thief can buy this case to block signals for as only as 75 dollars. http://www.popsci.com/gadgets/article/2013-08/how-protect-yourself-your-phone

Shrink · Oct 4, 2013

Quote:
1. Make Airplane Mode inaccessible from the lock screen by default and require PIN after setting Airplane Mode or removing SIM Card
2. Warn users not to store password-reset email accounts on iDevices
3. When device is lost for good, advise users to revoke its privileges
4. Do not inform potential attackers how the device is protected
5. Upon reconnecting to the Internet, iOS should not allow email retrieval before the device's wipe- or don't-wipe status can be retrieved

Unless they ask REALLY nicely.

Seems like a lot of work, requiring a fairly refined skill set, to use this method.

foobarbaz · Oct 4, 2013

MacRumors said:
users can already prevent the simple bypass of the Remote Wipe feature by turning off access to Control Center from the lock screen.

I always thought it was a waste of space to have Airplane Mode in the Control Center. I mean really, is that an option you need at your fingertips all the time?

But now it means I have to turn the entire Control Center off on the lock screen and lose all it's good features.

aloshka · Oct 4, 2013

A couple of things are incorrect about this. The first is after a restore, your emails will not show up, until you type in your email password, assuming iCloud isn't your only account. So any exchange accounts, gmail, will bug you for your password.

Also, it's interesting that it took such a long time for Apple to wipe the phone. I just tried some of this and the phone got wiped as soon as I turned off airplane mode. Let alone have time to receive the recovery email, email it to myself, so I can copy and paste on a computer, then put on airplane mode back on right away. Those emails aren't that instant.

another thing to note, is that Apple sends one more email that says your password has changed to your secondary email. There's a link "I did not change my password"

PracticalMac · Oct 4, 2013

I hope Apple will listen.

I have seen a lot of "not thought of / invented here" attitude.

Not saying they don't, but it takes a lot of crying on many occasions.

jonasdamn · Oct 4, 2013

aloshka said:
A couple of things are incorrect about this. The first is after a restore, your emails will not show up, until you type in your email password, assuming iCloud isn't your only account.

Also, it's interesting that it took such a long time for Apple to wipe the phone. I just tried some of this and the phone got wiped as soon as I turned off airplane mode.

another thing to note, is that Apple sends one more email that says your password has changed to your secondary email. There's a link "I did not change my password"

you dont need to retype password for email accounts if you are restoring backup on the same iDevice you have made backup. If you would try restore iPhone 5 backup on iPhone 5s you would need to retype password. Tested

kevdyas · Oct 4, 2013

Thinking it through, all they actually need to do is change the iCloud password anyway? Then Find my iPhone etc. is disabled either way.

I haven't tried, but a user changing their iCloud password could actually prevent the device receiving the remote wipe etc?

So having access to the phone prior to it requiring the pass code lock (assuming it is enabled!) and simply requesting a password reset e-mail to change the password from gets it all sorted for the thieves.

gondor5 · Oct 4, 2013

I am not sure if this has been suggested before, but why not have an option to use both. Use fingerprint and then enter a code to unlocked the phone.

snowcrash · Oct 4, 2013

settings > control center > access on lock screen > off

Problem solved.

/end thread

Security Researchers Detail New Combination of Touch ID and iOS 7 Security Feature Bypasses

macrumors bot

macrumors 6502a

macrumors 6502a

macrumors 604

macrumors 68000

macrumors 6502a

macrumors 6502

macrumors member

macrumors 6502a

macrumors 6502

macrumors 6502a

macrumors regular

macrumors newbie

macrumors 6502

macrumors 6502

macrumors 6502a

macrumors member

macrumors G3

macrumors 6502a

macrumors 65816

macrumors 68030

macrumors 6502a

macrumors member

macrumors newbie

macrumors regular

Our Staff