Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Sep 22, 2013, 02:43 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)




The Chaos Computer Club claims to be able to bypass Apple's new Touch ID fingerprint sensor with a photo of the original user's fingerprint. The bypass is demonstrated in this short video:

The system is detailed in a how to which requires obtaining the original user's fingerprint:
Quote:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Apple's new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor -- though that is arguably even less secure than duplicating someone's fingerprint.

Article Link: Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
MacRumors is offline   2 Reply With Quote
Old Sep 22, 2013, 02:43 PM   #2
Michaelgtrusa
macrumors 603
 
Michaelgtrusa's Avatar
 
Join Date: Oct 2008
Location: Everywhere And Nowhere
Here we go! This bad news!
__________________
iMACAll life is an experiment. The more experiments you make the better.
TWITTER TUMBLR
Michaelgtrusa is online now   6 Reply With Quote
Old Sep 22, 2013, 02:44 PM   #3
iSunrise
macrumors regular
 
Join Date: May 2012
Ouch.

Impersonating a user by doing that would be very, very bad.
iSunrise is offline   3 Reply With Quote
Old Sep 22, 2013, 02:45 PM   #4
Eddy Munn
macrumors 6502
 
Join Date: Dec 2008
Oh dear! At least they won't be ripping my fingers off any time soon.
Quote:
Originally Posted by arn View Post
which is in itself ridiculous.
Of course it's ridiculous, maybe that wasn't apparent in what I said.
__________________

2013 13" MacBook Air + iPad Mini with Retina Display + iPhone 5.

Last edited by Eddy Munn; Sep 22, 2013 at 03:56 PM.
Eddy Munn is offline   6 Reply With Quote
Old Sep 22, 2013, 02:45 PM   #5
cmChimera
macrumors 68000
 
cmChimera's Avatar
 
Join Date: Feb 2010
I'm sooooo terrified.
cmChimera is offline   18 Reply With Quote
Old Sep 22, 2013, 02:46 PM   #6
syan48306
macrumors 6502
 
Join Date: Apr 2010
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
__________________
2012 rMBP 15: 2.6 QM i7, 8 GB RAM, 512G SSD
syan48306 is offline   115 Reply With Quote
Old Sep 22, 2013, 02:46 PM   #7
greenythebeast
macrumors regular
 
Join Date: Mar 2008
Hahahaha. Nice job Apple.
greenythebeast is offline   7 Reply With Quote
Old Sep 22, 2013, 02:46 PM   #8
xDKP
macrumors regular
 
Join Date: Feb 2011
Location: Denmark
With that shaky a hand, he must be faking this!
xDKP is offline   39 Reply With Quote
Old Sep 22, 2013, 02:46 PM   #9
flash84x
macrumors regular
 
Join Date: Aug 2011
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.

This just in, every single passcode system bypassed by first acquiring user's passcode.
flash84x is offline   155 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #10
arn
macrumors god
 
arn's Avatar
 
Join Date: Apr 2001
Send a message via AIM to arn
Quote:
Originally Posted by Eddy Munn View Post
Oh dear! At least they won't be ripping my fingers off any time soon.
which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts.

arn
arn is offline   82 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #11
the411
macrumors newbie
 
Join Date: Sep 2012
Quote:
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.
So it's that simple...
the411 is offline   140 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #12
iSpud
macrumors member
 
Join Date: Jan 2004
Location: Minnesota
Huh? Haven't we known this is a way around these sensors?

I have a way to bypass a password too...Look at the post-it of a users passwords and copy them down. Then type it into the iPhone to bypass the login.

</sarcasm>
iSpud is offline   38 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #13
somethingelsefl
macrumors 6502
 
Join Date: Dec 2008
Location: Tampa, FL
Still more secure than a 4-digit passcode...also, maybe this is new information...but NO security protocol is flawless, there is always room for improvement.

I mean come on! The device is activation locked, fingerprint locked, and in a secure app environment...I don't see how people can say that Apple devices aren't the most secure consumer-level smartphones.
somethingelsefl is offline   48 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #14
donutbagel
Banned
 
Join Date: Jun 2013
So much for the whole "it scans under your skin" explanation.
donutbagel is offline   28 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #15
flash84x
macrumors regular
 
Join Date: Aug 2011
Quote:
Originally Posted by xDKP View Post
With that shaky a hand, he must be faking this!
Shaky finger gave me anxiety.
flash84x is offline   28 Reply With Quote
Old Sep 22, 2013, 02:47 PM   #16
TouchMint.com
macrumors 65816
 
TouchMint.com's Avatar
 
Join Date: May 2012
Location: Phoenix
Pretty intense process to purchase apps under my App Store account!
__________________
TouchMint.com iOS App Site
Adventure To Fate iOS RPG Game Site
Indie iOS Game: Adventure To Fate : A Quest To The Core JRPG

TouchMint.com is offline   19 Reply With Quote
Old Sep 22, 2013, 02:48 PM   #17
goobot
macrumors 601
 
goobot's Avatar
 
Join Date: Jun 2009
Location: long island NY
Wait, did they lift the print off the phone or actually photograph the guys finger? If it is a photograph then this means nothing...
__________________
Unibody Macbook |iPad|Apple TV 2|Black iPhone 6
goobot is offline   24 Reply With Quote
Old Sep 22, 2013, 02:48 PM   #18
pmau
macrumors 6502a
 
Join Date: Nov 2010
This is why I use a different body part
pmau is offline   77 Reply With Quote
Old Sep 22, 2013, 02:48 PM   #19
Eriamjh1138@DAN
macrumors 6502
 
Join Date: Sep 2007
Location: BFE, MI
So as long as one has access to the actual finger and whatever the heck can take pics at 2400dpi, one can make a "working copy" of it. Seems easier to beat the **** out of someone for the 4-digit passcode.

It's still pretty damn secure no matter what anyone says. The fact that the code is still a measly 4 digits is the weakest link of all.
__________________
iBeaker
Eriamjh1138@DAN is offline   24 Reply With Quote
Old Sep 22, 2013, 02:49 PM   #20
Rogifan
macrumors G3
 
Rogifan's Avatar
 
Join Date: Nov 2011
How is a 2400 DPI photograph of someones fingerprint an everyday item? I'm sorry but this is click bait pure and simple.
__________________
"When we se something huge and powerful we aspire to make it small and meaningful." Jony Ive 
Rogifan is offline   79 Reply With Quote
Old Sep 22, 2013, 02:49 PM   #21
illegalprelude
macrumors 68000
 
Join Date: Mar 2005
Location: Los Angeles, California
Send a message via AIM to illegalprelude Send a message via MSN to illegalprelude Send a message via Yahoo to illegalprelude
So basically, you need a few thousand dollars, knowledge, and time to break into the device. Yes, this seems like a real threat for 99.5% of people

Unless you can place someone else's thumb and get through, TouchID works. Apple designed this for consumers, not to protect the countries nuclear facilities
__________________
"PeAcE is but a shadow of death, desperate to forget its painful past"
SonyRumors.net Sony News, Talk, and Reviews
Bebi Tech Consulting Your Mac Consultant
illegalprelude is offline   69 Reply With Quote
Old Sep 22, 2013, 02:49 PM   #22
ryansimmons323
macrumors regular
 
Join Date: Oct 2011
Is he being held at gunpoint while doing this? Shaky...
ryansimmons323 is offline   38 Reply With Quote
Old Sep 22, 2013, 02:49 PM   #23
iGobbleoff
macrumors member
 
Join Date: May 2011
Quote:
Originally Posted by flash84x View Post
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.
Came here to post this
iGobbleoff is offline   16 Reply With Quote
Old Sep 22, 2013, 02:49 PM   #24
GBrooks
macrumors member
 
Join Date: Mar 2011
Location: London, UK
FAKE, his hand is not shaking NEARLY enough.
GBrooks is offline   15 Reply With Quote
Old Sep 22, 2013, 02:49 PM   #25
QCassidy352
macrumors G3
 
QCassidy352's Avatar
 
Join Date: Mar 2003
Location: San Francisco
Quote:
Originally Posted by syan48306 View Post
Honestly, kocking someone out and using their finger or holding them at gun point results in the same thing. No password, print or pin is safe. It's just a good way to minimize pesky intruders. That's all.
Well said. No security is perfect. Touch ID will still be a strong protection against most intruders.
QCassidy352 is offline   13 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images MacRumors MacRumors.com News Discussion 342 Feb 4, 2014 11:54 AM
Privacy and the 5s - Government can get a copy of your fingerprint? cavemanit iPhone 41 Oct 11, 2013 01:57 PM
Apple Announces iPhone 5s With 'Touch ID' Fingerprint Sensor MacRumors iOS Blog Discussion 442 Sep 27, 2013 06:37 AM
Chaos Computer Club reports hack of Touch ID gnubelebung iPhone 1 Sep 22, 2013 02:49 PM
Apple Applies for Patent on Fingerprint Sensor Packaging System MacRumors MacRumors.com News Discussion 71 Jun 24, 2013 11:14 PM

Forum Jump

All times are GMT -5. The time now is 05:50 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC