Even if this is true, all you have to do is turn off the fingerprint authentication and you're back to the same old password thing that every other phone uses.
So this is really nothing at all. You can be sure the press will have a feeding frenzy with it though. Vultures that they are.

But if you lose the phone, can you turn off the fingerprint authentication?
 
The whole point of this Touch ID was that it would increase security.

Master Locks increase the security of my tool shed... yet they can be easily picked.

Should we crap all over every padlock manufacturer?

If it really has been hacked by a fairly common technique then this is certainly a failure on Apple's part and damages their image.

Fairly common... yet long drawn out technique.

TouchID adds convenience for me... and it puts huge roadblocks in the way of a potential phone hacker.

You gotta have a decent image of my fingerprint, a laser printer, wood glue, latex, etc. And time.

Time that I will be spending wiping my phone anyway.

In other words... I don't feel less secure because of this article.
 
Making a copy of a fingerprint works on a fingerprint reader? What's next? Cutting a duplicate of a key that can open the lock of the key it was copied from?
 
So a 2400 DPI photograph of the fingerprint is required? I wouldn't call that 'bypassing'.

This just in, every single passcode system bypassed by first acquiring user's passcode.

Yes, however the fingerprint gizmo is just ridiculous.

Don't forget you have your password written all over your phone when the password is your fingerprint !!!
 
Have you ever looked at your fingers? They all have different prints.

Or do you think the sensor read through the fake fingerprint, through his middle finger, through his hand, to the attached index finger, and read that print?

I guess I will never hear the end of this... I made a mistake. I wasn't really watching the video closely and assumed he used the same finger (Thumb). I admit I am a human being and have flaws. Should I beg for mercy? ;)
 
Why do we have locks on doors if all can be open with a cloned key?

Better remove all those useless locks.

Thanks CCC for bringing this to our attention.
 

Yes, however the fingerprint gizmo is just ridiculous.

Don't forget you have your password written all over your phone when the password is your fingerprint !!!

Your fingerprints also leave telltale marks about which 4 buttons you press if you use a pass code.

Probably a scarier thought is that DHS uses fingerprint scanning at the border.
 
If they have to go through all that I consider touchid a success and feel safe. No security is 100% and this is gonna get me to use a pass code after 5 years of going without.
 
Why do we have locks on doors if all can be open with a cloned key?

Better remove all those useless locks.

Thanks CCC for bringing this to our attention.

What they tell you is that you should not use a lock for which you leave imprints of the key on everything you touch. Honestly, leaving imprints of your keys on everything you touch is asking for trouble...
 
I heard in Mexico thieves could put devices in ATM doors where you're supposed to slide your card to access the room, and your card gets cloned.

Will there be similar traps from thieves to access computer data?

Or the technology of credit card bands is simpler and that's why it exists.
 
But if you lose the phone, can you turn off the fingerprint authentication?

Do you usually lose your phone? Are you trying to disprove the generalization by proving the exception? Sorry it doesn't work that way. ;)
 
I would have been MORE impressed if he was able to actually extract the data for the fingerprint from the secure enclave. Isn't that the point of this contest??? Not whether or not you can replicate a fingerprint?

Why would anyone bother to try and extract your fingerprint from some security module buried deep within an ASIC inside a phone sealed tight like a drum? You leave the damn things everywhere and on everything. If someone wants your fingerprint, they don't need to hack an iPhone to get it. They can lift it with cocoa powder and scotch tape.

Fingerprints are not secret, and that's the point the CCC is making. They don't need to hack the print out of the secret key store. Using something that is not secret for a key, is not secure. What is the point of storing public information in a secret key store?

But security is of course always a matter of degree. A fingerprint is way better than an unlocked phone. But a secret pin is better than a fingerprint.

Moral of today's story, don't stop using a pin if you were already using one. And if you weren't, at least use fingerprint locking, but you still should really be using a pin.
 
This was bound to happen sooner or later, one should always keep in mind that no security is perfect, although I must say that it was sooner than I expected. Although this method is not very practical that doesn't mean simpler methods couldn't be deduced from this method. In this case they took a 2400 dpi picture but one can assume they took an as high resolution picture they could and an as technologically advanced method as possible in order to have the largest chance of succeeding. It might well be that for example a much lower dpi picture could do the trick as well, only further testing can determine that.

On the one hand it's good to see this as it might stop people from thinking of/relying on it as a fool security system, which it obviously isn't. (and most people with some technological know-how already knew or expected)
 
Why would anyone bother to try and extract your fingerprint from some security module buried deep within an ASIC inside a phone sealed tight like a drum? You leave the damn things everywhere and on everything. If someone wants your fingerprint, they don't need to hack an iPhone to get it. They can lift it with cocoa powder and scotch tape.

Fingerprints are not secret, and that's the point the CCC is making. They don't need to hack the print out of the secret key store. Using something that is not secret for a key, is not secure. What is the point of storing public information in a secret key store?

But security is of course always a matter of degree. A fingerprint is way better than an unlocked phone. But a secret pin is better than a fingerprint.

Moral of today's story, don't stop using a pin if you were already using one. And if you weren't, at least use fingerprint locking, but you still should really be using a pin.

This is exactly it. People go on about "Oh, but this is not an iPhone 5s" or "Oh, but it is the same guy doing the unlocking, show it with someone else", or "It is surely impossible to lift the fingerprints from that fingerprint filled Phone", or "Oh, but we knew this all along, it was never meant to be secure". Yet it is fact: They claim to have broken TouchID with a simple and really old technique.

http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
 
The whole point of this Touch ID was that it would increase security. If it really has been hacked by a fairly common technique then this is certainly a failure on Apple's part and damages their image.

Have you listened to the keynote? They very explicitly say it is targeted to a large degree at those who don't have a passcode now. It surely increases the security for them.

And I don't know what your reasoning is here. Did Apple make you believe that fingerprint sensors add another layer of security, something you didn't believe before? And now, that you've learned that fingerprint sensors can with a bit of effort be fooled, you feel that Apple misled you when it said that nobody can take the phone into their hand and just unlock it as fast as you could unlock thanks to the fingerprint sensor?
 
More troubling

Sure, it's interesting that someone can lift your latent print off of some surface, then create a fake finger, then steal your phone and unlock it. This is a real threat to someone with important data on your phone. Assuming you are not some general with the plans for an attack on Syria on your phone, or else you're carrying around your company's future strategy, you're probably safe from that.

I'm more worried about other systems that use fingerprints. Anyone who has your fingerprint for whatever other reason (like the police and the FBI if you've been arrested) now has the ability to unlock your phone. That's the real issue with using the same credential for multiple systems.
 
This is still far more secure than the non-existent passcode most have been using. It's not shocking that Touch ID can be hacked, but let's get real, this isn't something most people need to worry about, and this is still a much better solution than not using a passcode, especially considering it makes it easier to use a long-passcode that is more complicated.

And for those wanting to be extra secure, let's dial down the drama level and focus on some reasonable solutions that at the very least minimize this problem:

First of all, to be completely clear, once you put your iPhone in Lost Mode with Find My iPhone, you would need to know the full passcode as opposed to being able to use the fingerprint. So enable Lost Mode as soon as possible. If the device is turned off, the sim is removed or it has no WiFi access, this won't help, but if the device eventually gets any internet access, it will kick into Lost Mode and Touch ID will not work to unlock the phone. Thus, if you have a long passcode setup, you're likely in better shape than you were with a simple passcode.

Some other things:

So what about enabling Airplane Mode/WiFi so that Lost Mode cannot be implemented?

Disable access to Control Center on Lock Screen in the Settings Menu.

What about the Siri bug?

Hopefully Apple patches that sooner rather than later, but if you're really concerned about security and want to use Touch ID, disable Siri until Apple patches this hole. I would imagine that they'd do so in the next few days, so I consider this a minor issue that won't be an issue in a matter of days.

Once these things are accounted for, Touch ID becomes a pretty reliable option for most people, as most thieves aren't going to be bright enough to crack these phones reliably with Touch ID, and with Activation Lock and Long Passcodes, they're going to be a lot less likely to try.

For those that require the utmost in security and are at risk from parties with the means to gather and replicate your fingerprint in a time-efficient manner, then obviously Touch ID is not for you, and you should be using a long passcode to protect your sensitive data. This is inconvenient, to be certain, and I'm sorry for that. I can only hope you're being paid enough to keep such sensitive data secure so as to make the inconvenience worthwhile. But again, for most people, Touch ID goes a long ways towards making your phone more secure, and we can only assume that this is just one step towards making your data more secure and that more will be unveiled in the future.

In the meantime, what are some things that would make this even more secure?

Allow users to set a shorter timeframe before requiring the full passcode. Even being able to set it for as little as an hour would make this far more secure tech while maintaining quite a high level of convenience. This is really the simplest option and perhaps makes the most sense in the short term.

Building off that, another option might be to set a timeframe that once expired, still allows you to use the Touch ID, but forces you to use one specified fingerprint or multiple specified fingerprints in a specific order for the sole purpose of unlocking the phone if it hasn't been unlocked after a certain amount of time. Also, force it to default to the passcode if you screw up the order or the specific fingerprint twice in a row. This adds more to the setup, sure, but it's an option that would make Touch ID that much more secure and convenient. And again, the bigger idea with this isn't to just allow you to continue to use Touch ID but to allow you to use a longer, more secure passcode which is harder to crack than a simple passcode without the inconvenience of having to put that in so often.

Another long shot idea would be to work out an agreement with carriers that minimizes the ability for a thief to simply remove the sim in order to cut off data. I would imagine that in 2013, they could cook up a way for the last working cellular connection to be maintained without the sim for, say 48 hours, for the express purpose of enabling Lost Mode. The only way to keep the phone from being locked with a long passcode at this point would be to keep the phone turned off for 48 hours, at which point Touch ID won't be an option. Granted, this whole idea is formed around the idea of the carriers taking on more responsibility, at which point you'd have to imagine they could do a lot more than simply turn on Lost Mode, so...meh.

The bottom line is that sure, more could be done to make Touch ID secure, but in the meantime, Touch ID combined with Activation Lock is still a pretty damn secure option for most people. Again, considering how many people don't even use passcodes, this is major progress.
 
Moral of today's story, don't stop using a pin if you were already using one. And if you weren't, at least use fingerprint locking, but you still should really be using a pin.

The iPhone 5s won't let you use a fingerprint without a PIN.
 