
Zerilos

macrumors 6502a
Dec 18, 2012
903
24
Absolutely, I will, as much for principle of the matter as the objective failure in security. I believe that all congress between humans, economic congress included, is meant to be undertaken in good faith, which in terms of ethics may be defined as a state executed in the sincere belief or motive, lacking malice or the intention to defraud others. When one makes a purchase, one is given information, weighs the risks and costs against the benefits, and makes an informed decision whether for or against. In the contingency of the bypass being accurate as reported, then there are two possibilities: Apple was ignorant of the possibility or blatantly ignored the possibility. If the former, then we must accept that Apple, despite being a corporation on which we intrinsically rely for their technological expertise, was culpably ignorant, that is to say willfully ignorant of a bypass method discernible by any basic investigation. If the latter, then we must accept that Apple knew of the bypass possibility, discounted the possibility, but still did not inform end users that the possibility existed, nor correct the media that reported that neither severed digits nor fake impressions would be able to pass the scan. Now, while these possibilities may or may not make Apple civilly liable, I cannot conceive of how they can be construed as other than constituting bad faith. A firm that willfully makes millions of sales, at a premium, with such practices and with so sensitive a consideration, is not worthy of my business.

Sadly I agree. If this "hack" is legit, then it points to either incompetence (given how well established this technique seems to be) or dishonesty for not having disclosed this weakness.
 

bit density

macrumors 6502
Mar 5, 2004
398
2
Seattle
Why fingerprint authentication by itself (and not as a part of 2-factor authentication) is felt to be better security perplexes me.

In general there are 3 different types of security. What you know (password), what you have (a card, nfc, passport etc), and what you are (biometrics). None of them are perfect, and each has advantages. The advantage of the fingerprint here is that it dramatically reduces the forced interaction with the user every time he uses it. I personally do not use passcodes, because it is such an encumbrance to using the phone during the course of the day. TouchID improves my security without having an overly high cost of encumbrance and my phone is more secure... It has to work most of the time to make it worth it, and I think this is what does work here. I never used any of the other laptop thingies because they just never worked well enough.
 

Bako-MacAddict

macrumors 68000
Jun 7, 2012
1,953
1,282
California
"Chaos Computer Club Bypasses Apple's Touch ID System"
Cool story bro, lol jk. I really don't care honestly. It will keep nosy people out of my phone from texts and my pics. It's not like I'm hiding FBI documents on my device or something.
 

kaos0271

macrumors newbie
Sep 21, 2013
8
0
I think the Chaos Computer Club needs to get out more. Maybe a strip club, find a girlfriend, something.

Who realistically is going to go through all of that to hack into an iPhone?

Give me 50 Marines and a tank and I bet I can break into Fort Knox. Yeah, this is how stupid and unrealistic the touch screen hack sounds.
 

chairguru22

macrumors 6502a
May 31, 2006
661
154
PA
which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn

Seriously what I've been saying! The NSA doesn't give a damn about you either!
 

Kwill

macrumors 68000
Mar 10, 2003
1,595
1
Ultimate Security...

Well said. No security is perfect. Touch ID will still be a strong protection against most intruders.

Next iPhone will incorporate Touch ID and retina scan while the user voices a password over FaceTime that Siri translates into Dutch to a secure server in the Netherlands rerouted to Ed Snowden in Russia for final verification.

On a serious note, I am certain Apple will respond with a software patch.
 

viewfly

macrumors 65816
May 1, 2009
1,263
24
What a stupid thread from paranoid readers.

Give me your house key, I'll make an impression with some silly putty and then make a copy...presto! I'm inside your home with all your personal stuff or stole your car.

Or spit out some saliva and I'll leave it at the crime scene and frame you.

Of course a real copy of your fingerprint will work. If the Apple ID cannot read a really good copy of your fingerprint...then it probably would have a high error rate reading your real finger.

The idea of the Apple finger sensor is to make it 1) easier to use than remembering a 4 digit code, esp. one that might be your birth year reversed, 2) convert a 3 step process into a 1 step way to unlock your phone...really useful if you use your phone 50 or more times a day and 3) yes, make your phone more secure because a finger print is better than a 4 digit code.

Plus the rate of acceptance probably will be higher than the password method.

It's not meant to be fool proof, just a lot better than we have today.
 

840quadra

Moderator
Staff member
Feb 1, 2005
9,262
5,979
Twin Cities Minnesota
Not entirely true. In relative terms, you are more likely to break a 0000, 1234, 1111, than a 5317. Odds may be the same for any given 4 digit number in terms of randomness, but people use the same set of easy passlocks over and over. People don't follow the rules, thus your odds of breaking a 1234 are much better than breaking a 5317, just for the fact odds are that if someone is lazy they'll set it as such. Just like "password" and "12345" are always high on the list of passwords people use.

If you hand me a phone, and I have 10 tries, and not knowing the person, I already know which passwords I'm going to try. Given enough of a sample group, I'd crack more 1234 than 5317.

Let me try and explain . . . in the scenario I described, the phone is set to erase all content after 10 failed login attempts. So, the attacker has to successfully enter/guess the passcode within that limit.

With a 10-character set (0-9), there are 11,110 possible passcodes that can be created. The odds of an attacker guessing a four-character passcode out of 11,110 possible combinations in ten chances are pretty damn low. So, adding a fifth (or sixth, etc) character doesn't matter as you suggest.

That being said, people who steal iPhones know that people use weak passcodes such as 1234, or 1111, or 0000. These are weak because of how commonly they are used.

http://news.yahoo.com/blogs/sideshow/-the-10-most-easily-stolen-atm-pins--184658424.html

So, if someone uses a four character passcode, and avoids the commonly used ones, or uses four numbers known to their spouse/friends (e.g., last four digits of your iPhone number, or the last four of your SSN), you should be OK.

I understand where you two are coming from, I was only commenting on the pure mathematical angle.


That said, to me, the people using simple passcodes aren't really taking security seriously to begin with. I personally don't use simple passcodes. I can't really enter my passcode when driving, but that is actually a good thing ;) .
 

bit density

macrumors 6502
Mar 5, 2004
398
2
Seattle
I cannot conceive of how they can be construed as other than constituting bad faith.

Do you think Schlage pre-informs customers about lock picking, or even more importantly bump keys? Do you think they don't know about it? Most people have no clue how easy it is to bypass the locks. Is it bad faith that they don't pre-inform?

How about that Apple can back door your password? Do they pre-inform you? Bad faith?

I think you judge way too harshly the ethical requirements.
 

Don't panic

macrumors 603
Jan 30, 2004
5,541
697
having a drink at Milliways
Let me try and explain . . . in the scenario I described, the phone is set to erase all content after 10 failed login attempts. So, the attacker has to successfully enter/guess the passcode within that limit.

With a 10-character set (0-9), there are 11,110 possible passcodes that can be created. The odds of an attacker guessing a four-character passcode out of 11,110 possible combinations in ten chances are pretty damn low. So, adding a fifth (or sixth, etc) character doesn't matter as you suggest.

That being said, people who steal iPhones know that people use weak passcodes such as 1234, or 1111, or 0000. These are weak because of how commonly they are used.

http://news.yahoo.com/blogs/sideshow/-the-10-most-easily-stolen-atm-pins--184658424.html

So, if someone uses a four character passcode, and avoids the commonly used ones, or uses four numbers known to their spouse/friends (e.g., last four digits of your iPhone number, or the last four of your SSN), you should be OK.

excuse me, but in which world do you get 11,110 combinations out of four digits?
it's not as bad as the guy claiming there are 40, but still...
jeesh.
 

exilus

macrumors newbie
Sep 4, 2013
8
0
I don't know about you guys, but most of my friends don't have a password on their phone or they keep the same 4 digit pass for many years.

touch ID would be a massive improvement for them (if they buy a 5s).
 

Don't panic

macrumors 603
Jan 30, 2004
5,541
697
having a drink at Milliways
if you use a separate finger (e.g. your ring finger) than those commonly used to operate the phone (thumb, index) as the security ID, there unlikely will be any usable fingerprint on the phone to lift off.
 

mrxak

macrumors 68000
Looks like TouchID is just going to be limited to unlocking the iPhone and purchasing apps for a while.

The concern is that other companies will follow suit with biometric data used to unlock things, and make purchases. The nightmare scenario really is that biometrics become so widespread that somebody who can get your fingerprint like this process here can use it elsewhere to do some real damage. Identity theft is bad enough when it's just credit card numbers you have to change. You can't change your fingerprint.

Considering just how quickly the TouchID was shown to be vulnerable (which of course it was), I feel all the better about my decision not to use the feature when I get my 5s tomorrow. I will fight against biometric "security" every time it comes up in a consumer context. It's a terrible idea that needs to not become widespread. Regardless of Apple's particular implementation, other companies will see Apple doing it and copy it with varying degrees of precaution. I'm not going to encourage them.
 

lilo777

macrumors 603
Nov 25, 2009
5,144
0
Has anybody reputable reproduced this method? It's not a story until it's verified.

Until then, at best it's - hackers CLAIM to bypass Touch ID.

Oh, that's right. We'd rather have the wrong news first than real news. No wonder we're so easily misled.

Chaos Computer Club is a very reputable organization. Read about them on Wikipedia.
 

FelixDerKater

macrumors 68040
Apr 12, 2002
3,621
2,188
Nirgendwo in Amerika
So, in the event that you see someone suspiciously approaching you with a cart containing a really high-end camera, laser printer, and various other supplies, know that your phone's data is in danger.
 

petsounds

macrumors 65816
Jun 30, 2007
1,493
519
Chaos Computer Club is a very reputable organization. Read about them on Wikipedia.

Trust, but verify. Until there is independent confirmation of this tactic I remain somewhat skeptical. And "reputable" is not the word I would exactly use. They seem more blackhat than whitehat.
 

Bahroo

macrumors 68000
Jul 21, 2012
1,860
2
The concern is that other companies will follow suit with biometric data used to unlock things, and make purchases. The nightmare scenario really is that biometrics become so widespread that somebody who can get your fingerprint like this process here can use it elsewhere to do some real damage. Identity theft is bad enough when it's just credit card numbers you have to change. You can't change your fingerprint.

Considering just how quickly the TouchID was shown to be vulnerable (which of course it was), I feel all the better about my decision not to use the feature when I get my 5s tomorrow. I will fight against biometric "security" every time it comes up in a consumer context. It's a terrible idea that needs to not become widespread. Regardless of Apple's particular implementation, other companies will see Apple doing it and copy it with varying degrees of precaution. I'm not going to encourage them.


Relax dude, Apple has done a great thing with Touch ID in the home button, it'll provide much improved security for MANY people, and it's safer than a passcode (only at night when you're sleeping you are vulnerable) but are you going to be sleeping around untrustful people?


This will prevent a lot of information from being stolen from people, no longer will people be able to look over your shoulder on the train or behind you and rob your phone and get into your phone because they peeked at your screen

Sure Touch ID isn't fool proof, and has its concerns, but it's genuinely a great thing they added, tons of people DON'T have passcodes on their phone but it's so simple to scan your finger


...the REAL concern should be on how safe is the Touch ID encryption/TrustZone encryption that's new in the new ARMv8 architecture and whether people can genuinely get your finger print from the phone
 

3282868

macrumors 603
Jan 8, 2009
5,281
0
So, in the event that you see someone suspiciously approaching you with a cart containing a really high-end camera, laser printer, and various other supplies, know that your phone's data is in danger.

lol seriously, that's a lot of detailed work. I'd rather save them the trouble and materials and unlock my device for them. Just silly I tell ya, silly.
 

Zerilos

macrumors 6502a
Dec 18, 2012
903
24
Next iPhone will incorporate Touch ID and retina scan while the user voices a password over FaceTime that Siri translates into Dutch to a secure server in the Netherlands rerouted to Ed Snowden in Russia for final verification.

On a serious note, I am certain Apple will respond with a software patch.

Not sure how a software patch will fix a hardware issue.
 

Webduo

macrumors newbie
Oct 1, 2012
22
0
Ugh...

Now it's getting stupid... This write up is pointless. The finger print feature will work for the common user and make stealing the phone less attractive and virtually impossible to break into for the common thief, especially for those that don't create a latex print (give me a break)... If you carry nuclear secrets, don't store them on your phone. Enough said, now go find something else to be irrationally critical of Apple over so we can all collectively roll our eyes again.
 

cdesigns

macrumors 6502
Aug 28, 2008
254
0
So if someone wants to copy my finger print they need to bring a scanner or take a picture of my finger "assuming" they know the finger I used, second they need to work on it in Photoshop and print etc etc. Unless they held me at gunpoint no one will be able to copy my finger print by just getting something I touch, they will have more luck trying the 9999 pin codes lol.
 