If this is real I see it as a non issue. Like everyone says who is going to get a copy of your print good enough to work? Now if they can get it from a print off the phone that's another story but I doubt it. Touchid is extremely convenient and more secure that a pass code IMHO.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
- Thread starter MacRumors
- Start date
- Sort by reaction score
Hell I'd believe it if they'd have used someone else's finger to preform the hack.
Doesn't work. Unless you are great at skin removal and place that finger skin onto your finger
Sigh. It would have more entertaining to hear him "Explain", which was my one word reply to him.
It doesn't know what a subdermal layer is. It just reads signals that far.
An equivalently thick plastic sheet (0.5 - 1 mm ?) should work as a substitute.
As I noted earlier in a different thread, an RF sensor isn't dependent upon the skin being alive.
As I also noted in that earlier thread, the sensor that Apple uses is 500 DPI.
The only reason they needed 2400 DPI was to print at 1200 DPI and scan at < 600 DPI.
Basic Nyquist Sampling Theorem.
Any print would do as long as they cleaned it up. (In that thread above, I pointed out that the main reason to use the RF sensor was to get clean prints underneath surface abrasions etc.)
Not much work at all. And depending on whose phone it is, it could be quite worth the minimal time put into it. Imagine if someone found Tim Cook's iPhone, for example.
As I've noted in other threads, pulse and temperature are not reliable parameters... according to AuthenTec themselves.
How do we know that persons finger wasn't stored. The real test would be to wear a glove and try the print.
You must be thinking that 2400dpi scanner is some exclusive technology whilst the reality is that you can buy such scanner (for example Hewlett Packard N6310 Document Flatbed Scanner) for $350. It's just your regular scanner. You can even buy 4800dpi scanner (EPSON GT-1500 B11B190011 48 bit CCD 4800 dpi Sheet Fed Scanner) for as low as $215.
I doubt the idea was to provide ultimate security, I think it was to provide an easy and not cumbersome way to unlock the phone with reasonable security against unsophisticated attacks.
The best security is provided by a (good) passphrase. Passphrase + fingerprint would be even better but I'm not sure it's available. The problem is that unlocking with a passphrase is cumbersome, so not an option which appeals less security-sensitive users. If you really need security ease of use is secondary, otherwise fingerprint is reasonably safe and very convenient to use.
Most likely they used 2400 dpi scanner only because that's the lowest resolution scanner they had
Get back to me when you produce the same result off of a randomly collected phone. Real prints don't look like a scene from CSI or this test. They are smudged, partials and generally less than "pristine". And, since most people don't manipulate the device with their thumb, but will likely use that one for their ID, you could have the simplest solution thwart your printing and glue efforts.
You are missing point. Tim wants fingerprint security for future of mobile transactions where you can buy anything online or in store.
If someone can steal your phone, lift the fingerprint off the home button like police detective and make purchases then that leaves a big hole in Apple's strategy. Or if the hackers break into police databases and steal all the scanned fingerprints on file - then all those people will be screwed because the thieves would have their fingerprints. And fingerprints can never change so they are screwed forever. This will limit adoption of fingerprint security for mobile transactions.
How so?
Using this technique will not allow a thief to bypass Find My iPhone. In order to disable Find My iPhone, you need to know (or guess) the user's passcode.
This fingerprint trick, if even possible, would only allow you to unlock the phone and look at the person's stuff. Since all banking apps are also password-locked, it won't allow them to access your finances, other than perhaps making iTunes purchases -- that is, if you haven't already disabled the phone through iCloud by the time they finish this elaborate fingerprint-duplicating process. So in the end, this time-consuming technique gets them nothing, and you have no reason to worry (unless you're really concerned about thieves seeing your nude selfies).
I'm not familiar with CCC. If they really do have a reputable, then opps, Apple's touch id isn't really that secure.
That said, so what if he uses another finger? iPhone 5S stores up to 5 fingerprints, so he could have also already scanned his other finger. If Touch Id is really what it claims, it scans the sub epidural layer of the finger so I'm doubtful that mould would work.
Agreed. Your finger print is a key. If someone get your key they can access your phone. If they copy your house key they can get into your house. If they see your pass code they can get into your phone. This would only be an issue if they can get your print off the phone or another object but I doubt that will happen.
It is. An off the shelf home scanner does 9600 dpi without interpolation, a basic laser printer and some glue are also everyday items.
Stealing a phone with a TOUCHSCREEN is essentially everything that is needed. It's damn too easy to scan the phone in order to obtain excellent fingerprints. Look at the way you are holding the phone. And scan the back side.
Anyone else notice the black speck on the latex print? Would that not screw up the print or make it unusable!! Just saying!!
He used a different finger from the one he saved. This is the same as giving the latex fingerprint to someone else. However, the iPhone 5s can save 5 different fingerprints, definitive proof would require the latex print working with 6 different digits (who they are from would be irrelevant).
Your other points are completely relevant, and I'd add that if access to your phone is so important that someone would go through all this trouble, you should probably be using something greater than consumer level security.