Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
- Thread starter MacRumors
- Start date
- Sort by reaction score
It isn't about just the printer, the thief also has to hold you down and take a 2400dpi picture of your finger.
Why are we trusting this meth head who shakes their fingers it is so distracting...
jk oh boy, time for a software update...
jk oh boy, time for a software update...
All these hoopla for a hack that will be difficult to duplicate in real world.
The guy that stole you iphone must be wearing (white) gloves or else his fingers will contaminate your prints on the phone.
After that the thief will need to find a perfect print from your phone that match the touch ID.
Even if he did manage to do all that, the phone will still be wiped from find my phone.
Not sure what is the real risk here.
The guy that stole you iphone must be wearing (white) gloves or else his fingers will contaminate your prints on the phone.
After that the thief will need to find a perfect print from your phone that match the touch ID.
Even if he did manage to do all that, the phone will still be wiped from find my phone.
Not sure what is the real risk here.
It's more like Lithium or medication tremors if you ask me. Certain medications can make you have hand tremors -- I know from first hand experience.
No... they have to take a 2400dpi picture of your fingerprint... you don't have to be there.
But if a thief was gonna take a picture of your finger... why wouldn't he just have you unlock the phone and turn off any extra security? I mean... you're right there!
And then hopefully he'd send you on your merry way
I think it remains to be seen what the facts here are but let's remember that touch ID is not designed to protect your phone from being stolen, That's what Find My iPhone and Activation lock are for.
Let's also give Apple some time to respond here so we can have a full picture of this story. I'm sure that some high level communications will be taking place tomorrow (or maybe right now) between senior Apple executives and our friends at AuthenTec across the river from where I sit now. One note I am considering that I will share. The founders of AuthenTec developed their technology while working at another local company, the Harris Corporation. Harris (here in our area) does almost exclusively Governmental work mostly for the military. So it's not too hard to conclude that this technology came from a defense application. I'm not fully ready to believe that it is as insecure as has been stated.
Let's also give Apple some time to respond here so we can have a full picture of this story. I'm sure that some high level communications will be taking place tomorrow (or maybe right now) between senior Apple executives and our friends at AuthenTec across the river from where I sit now. One note I am considering that I will share. The founders of AuthenTec developed their technology while working at another local company, the Harris Corporation. Harris (here in our area) does almost exclusively Governmental work mostly for the military. So it's not too hard to conclude that this technology came from a defense application. I'm not fully ready to believe that it is as insecure as has been stated.
No, that's if you can't pick the same number more than once....
Edit: Ah, you saw your error....
MacRumors... umm.. time to lock this one. All the smart that was going to come from this one has already came. It was fun while it lasted.
----------
What about the guy who said I have a 1 in 40 shot of guessing a 4 digit passcode? LOL Math is fun.
----------
What about the guy who said I have a 1 in 40 shot of guessing a 4 digit passcode? LOL Math is fun.
I am sorry but your point is moot. This is the same argument about a regular 4 number combination for a pass-code, it can be cracked.
Apple didnt intend for the feature to be un-hackable, its an added feature for security in general, period.
Apple didnt come out and say look at what we've done, we created a government proof security option, yay us...Its simply an optional feature that WILL deter thieves.
Its really NOT a big deal, people need to calm down and get back to their everyday lives. Besides, the NSA can crack ANYTHING there is out there, so sleep well Murica.
(bold text added by me!)
I don't care about "most" thieves, just the ones that do care about my data.
If the phone isn't in my possession (bricked or not) I still don't have it (from a non-data financial data standpoint).
Activation lock doesn't stop someone from using the device, it stops someone from erasing/reactivating the device without your iCloud info (it stops them from using it as their own device).
Lost mode (activated after your device is gone) might stop them from using your device.
I'm not sure how much any of this is going to stop people from stealing my phone. I think they'll still steal them for a while (in hopes that it'll be cracked) and many can't tell the difference between phones when it's in a case (but they know it's a smartphone / iPhone). They might just end up switching to a chop shop mentality, the phone still has a good display, case and few other parts that they can use. They certainly aren't going to return it if it's of no use to them, it's going in the trash can...
Plus, I think the average thief probably flips through the texts and photo album looking for something interesting if they have the time.
Gary
No high-res cameras allowed in bars. New rule. And for sure, keep that 40MP Nokia camera out of there. You could get my prints from across the room.
Kaos vs Control
Kaos has done it again and Apple is sending agents Maxwell Smart and 99 to correct the problem.
This is the stupidest BS I've seen in my life. Who in the world would do anything like this, to crack an iPhone?
It is a lot easier to crack the stupid face password on the Samsung phones. Just put any picture of a user in front of the camera of the Galaxy and it will open up. A photo that could be taken from Facebook page or an actual photo or even on another phone. Now that is easy.
What Apple has done here this amazing. Of course, any thing can't be cracked, but the kind of money, time, and effort required to crack this, is huge.
It's just a phone for crying out loud!
Kaos has done it again and Apple is sending agents Maxwell Smart and 99 to correct the problem.
This is the stupidest BS I've seen in my life. Who in the world would do anything like this, to crack an iPhone?
It is a lot easier to crack the stupid face password on the Samsung phones. Just put any picture of a user in front of the camera of the Galaxy and it will open up. A photo that could be taken from Facebook page or an actual photo or even on another phone. Now that is easy.
What Apple has done here this amazing. Of course, any thing can't be cracked, but the kind of money, time, and effort required to crack this, is huge.
It's just a phone for crying out loud!
I think we have to put "security" here into context. From what I saw and understood from the keynote, Apple seems to be positioning this as a convenient way to unlock your phone and of course if they just left it at that everyone would be up in alms going "What all that just to unlock my phone?!" and so they threw in "You can make iTunes purchases as well" which I guess they're testing the waters to see how effective this is as an authentication method.
So the way I see it, there are two main sets of concerns here.
1) Those concerned that their data is easily stolen, and
2) Those concerned that their phones will be stolen and resold
And maybe a combination of the two. I've seen some use-cases mentioned which are very plausible (i.e. celebrity phones etc) but then again how many of us are celebrities?
So for (1) if you are security minded/conscious, you are probably already using a "strong" passphrase and you can continue using this strong passphrase without enabling TouchID. Though personally, TouchID will enable me to have a strong passphrase and use the TouchID for convenience since (2) even if someone unlocks your phone, they cannot turn passphrase/activation lock/find my iPhone off without knowing your Apple ID password and/or existing passphrase. It will be a bummer that for a brief period (assuming they manage to break in before I can remotely wipe the phone) all my personal info will be accessible. That said however, if the person who stole your phone is chiefly interested in the data contained within said phone, then he/she probably can get around any security measures anyway by just plugging the phone in and running some software.
One interesting scenario that hasn't been discussed is law enforcement. I've read (I'm not from the US so forgive my ignorance of US laws) that they cannot force you to unlock your phone but with TouchID, don't they already have your prints and can't they just make a replica of it and unlock your phone? Would that be legal?
So the way I see it, there are two main sets of concerns here.
1) Those concerned that their data is easily stolen, and
2) Those concerned that their phones will be stolen and resold
And maybe a combination of the two. I've seen some use-cases mentioned which are very plausible (i.e. celebrity phones etc) but then again how many of us are celebrities?
So for (1) if you are security minded/conscious, you are probably already using a "strong" passphrase and you can continue using this strong passphrase without enabling TouchID. Though personally, TouchID will enable me to have a strong passphrase and use the TouchID for convenience since (2) even if someone unlocks your phone, they cannot turn passphrase/activation lock/find my iPhone off without knowing your Apple ID password and/or existing passphrase. It will be a bummer that for a brief period (assuming they manage to break in before I can remotely wipe the phone) all my personal info will be accessible. That said however, if the person who stole your phone is chiefly interested in the data contained within said phone, then he/she probably can get around any security measures anyway by just plugging the phone in and running some software.
One interesting scenario that hasn't been discussed is law enforcement. I've read (I'm not from the US so forgive my ignorance of US laws) that they cannot force you to unlock your phone but with TouchID, don't they already have your prints and can't they just make a replica of it and unlock your phone? Would that be legal?
This whole thing is bs. A poor attempt to fake breaking in. First off the touch I'd sensor is not optical. Which can be fooled by a picture of your print. Touch Id uses an rf scan of the living tissue under your dermis (the outer layer of dead skin) and capacitance (slight electrical charge) to map the living tissue below the skin. If anyone has read how this sensor works they would know that it can read from behind glass and even from behind an LCD display. So reading the owners print through a thin film on his own finger proves nothing. Other than his dishonesty in trying to fool people.
Nope. No need for that. Just scan your fingerprint left somewhere. The guy from CCC might have scanned his finger to simplify the process.