Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

[AgentElliot007]

1/10 (10 digits on the number pad) x 1/4 (four possible digits) = 1/40.

0001, 0002, 0003, 0004, 0005, 0006, 0007, 0008, 0009, 0010, 0011, 0012, 0013, 0014, 0015, 0016, 0017, 0018, 0019, 0020, 0021, 0022, 0023, 0024, 0025, 0026, 0027, 0028, 0029, 0030, 0031, 0032, 0033, 0034, 0035, 0036, 0037, 0038, 0039, 0040, 0041, 0042...wait, what?

 

[MacDav]

What are you talking about. It is clearly a 5S (or a 5 at least), just look at the edges, the 4/4S has a thin plastic band between the front panel and the metal frame (the 5/5S doesn't). Not to mention the position of the front camera, and the color of the sideframe.

Well, if it is a 5 and not a 5s it's still fake.

 

[Adam552]

He still used his own finger.

 

[Frubia]

First post so please be gentle!

If touchID improves over time would it be harder to replicate the finger print after it has been used to unlock the phone a few hundred times, as opposed to just after it was input?

 

[ReallyOldGuy]

I watched the video several times. Maybe it's the camera angle, but the aspect ratio of that screen does not seem the same as my 5. If they did in fact beat the sensor I still would use it.

 

[Tech198]

lol

Nerves...... he was just anxious....

But, this all sounds either really fake, or really cool... I can't decide...


Is Apple really this stupid ??

I mean, seriously, going to all this effort to MAKE it secure with encryption, and now this only shortly after ?

This just proves one thing, their are people out there, allot smarter than Apple ever could be.

If this by-pass is true, well done. Next thing ?

 

[runebinder]

So either Apple are lying about the sensor scanning the sub dermal layer and shaky hand man is telling the truth, or vice versa. Think I know who I choose to believe atm.

 

[Zerilos]

Have you listened to the keynote? They very explicitly say it is targeted to a large degree at those who don't have a passcode now. It surely increases the security for them.

And I don't know what your reasoning is here. Did Apple make you believe that fingerprint sensors add another layer of security, something you didn't believe before? And now, that you've learned that fingerprint sensors can with a bit of effort can be fooled, you feel that Apple misled you when it said that nobody can take the phone into their hand and just unlock it as fast as you could unlock thanks the fingerprint sensor?

They did describe it as "the perfect password". This is false if a group of hackers can lift it off of the surface of your phone and defeat Touch ID a day after its release. Seriously, it was susceptible to a well known exploit. Apple should have acknowledged this upfront and let people know that it was exploitable (since they must have known this).

 

[Michael Scrip]

I watched the video several times. Maybe it's the camera angle, but the aspect ratio of that screen does not seem the same as my 5. If they did in fact beat the sensor I still would use it.

Facetime camera above earpiece... telltale sign of the iPhone 5/5S

 

[Lennholm]

So as long as one has access to the actual finger and whatever the heck can take pics at 2400dpi, one can make a "working copy" of it. Seems easier to beat the **** out of someone for the 4-digit passcode.

It's still pretty damn secure no matter what anyone says. The fact that the code is still a measly 4 digits is the weakest link of all.

In credit card skimming, the thieves have found very clever ways to find out the owners pin-code without them being aware of it, so for someone dedicated it wouldn't be impossible.
The fact that the thief need the actual phone is a different matter and I think it's far more likely that they would be able to replicate the finger print from the grease on the button.
This is hardly something the regular pocket thief could or would have the motive to do to an avarage Joe, maybe this could be an issue in corporate espionage.

 

[CelestialToys]

0001, 0002, 0003, 0004, 0005, 0006, 0007, 0008, 0009, 0010, 0011, 0012, 0013, 0014, 0015, 0016, 0017, 0018, 0019, 0020, 0021, 0022, 0023, 0024, 0025, 0026, 0027, 0028, 0029, 0030, 0031, 0032, 0033, 0034, 0035, 0036, 0037, 0038, 0039, 0040, 0041, 0042...wait, what?

You'll increase the probability of a correct guess massively if you go for 0000 first- I'd hazard a guess that it's the most common 4 digit pass code used

 

[AgentElliot007]

You'll increase the probability of a correct guess massively if you go for 0000 first- I'd hazard a guess that it's the most common 4 digit pass code used

Sure, though that wasn't exactly the point I was aiming to illustrate.

 

[Apple_Robert]

I don't see this as a big deal. I don't think your average criminal is going to bother going through such detail and time, just to try and unlock a cellphone.

 

[MacDav]

Mine is too big to fit on the button.

Carlos Danger strikes again.

 

[Michael Scrip]

They did describe it as "the perfect password". This is false if a group of hackers can lift it off of the surface of your phone and defeat Touch ID a day after its release. Seriously, it was susceptible to a well known exploit. Apple should have acknowledged this upfront and let people know that it was exploitable (since they must have known this).

No one has seen an example of getting the fingerprint off the surface of the phone.

As I stated in a comment above... this article appears to be a controlled experiment. That fingerprint on the beer bottle was a little too perfect.

It apparently worked in the lab... now let's test it again with new variables.

If no one can get fingerprints off the phone itself... then the thief will have to steal your phone and some trash you've left behind.

And that greatly increases the complexity of this endeavor.

 

[karmamule]

How do we know he didn't simply register another finger pattern ahead of time? Unless we see the phone factory reset and have non-stop footage from that point forward can we really be sure there wasn't a "pre-video" registration of other fingers?

 

[MacDav]

Even if this video is not a fake, (it's veracity is far from certain) what average iPhone thief is going to go through all that trouble to steal your phone? The answer is none. Much ado about nothing.

 

[leesmith2]

He still used his own finger.

Exactly. If the Touch ID is truly using a subdermal scan, it would have ignored the photo and scanned the guy's own finger to authorize it.

 

[CelestialToys]

Sure, though that wasn't exactly the point I was aiming to illustrate.

Obviously

 

[AaronEdwards]

In 2 hours I can remotely erase my phone 20 times lol. And due to activation lock no one but me can use it. So, even if someone stole your iPhone 5s, by the time he would lift your print (even if it were successful), scan it, print it etc. the phone would have already been erased.

Someone taking the time to lift your print from somewhere will also make sure that your phone won't receive any signals.

----------

No one has seen an example of getting the fingerprint off the surface of the phone.

As I stated in a comment above... this article appears to be a controlled experiment. That fingerprint on the beer bottle was a little too perfect.

It apparently worked in the lab... now let's test it again with new variables.

If no one can get fingerprints off the phone itself... then the thief will have to steal your phone and some trash you've left behind.

And that greatly increases the complexity of this endeavor.

The next videos will be of people trying to do this by lifting whole/smudged/partial prints from bottles/glasses/etc.

 

[xensaenigma]

Jesus, the phone is reading the print through the clear film through to the actual finger.

Show us a break-in with just a photo or the print on paper or whatever.

This one USES THE PERSON'S ACTUAL FINGER.

Not sure why this isn't completely obvious?

Haha... it's so funny that the anti-Apple trolls on here don't even see that!

 

[sanook997]

Sounds like it would have been easer to keep punching in numbers between 0 and 9999 on the old I5. Most anything can be broken if given enough time, but this is hardly practical,it serves no purpose other than to win a contest. It does not present a security risk to 99.9999% of users.

 

[lilo777]

No one has seen an example of getting the fingerprint off the surface of the phone.

As I stated in a comment above... this article appears to be a controlled experiment. That fingerprint on the beer bottle was a little too perfect.

It apparently worked in the lab... now let's test it again with new variables.

If no one can get fingerprints off the phone itself... then the thief will have to steal your phone and some trash you've left behind.

And that greatly increases the complexity of this endeavor.

Obviously not all phones will have good fingerprints but some will. What does it mean? It may entice the thieves to steal as many iPhones as possible. They will be able to unlock some (those with better fingerprints). So much for security.

 

[teknikal90]

Obviously not all phones will have good fingerprints but some will. What does it mean? It may entice the thieves to steal as many iPhones as possible. They will be able to unlock some (those with better fingerprints). So much for security.

this argument is terrible

 

[bit density]

People lock their houses

Even though people can pick locks. That Bump keys exist which don't leave a mark. You can get into a car with a shim or even a rock. You can get into that Coke machine with a bic pen.

There are tons of easy hacks into all sorts of locked things.

Touch ID has two attributes that make it appealing. First it keeps casual interlopers from getting into your phone. And it does so in a fashion that is even easier than NOT having a passcode at all.