Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

Looks like TouchID is just going to be limited to unlocking the iPhone and purchasing apps for a while.
 
Yay, good to see the CCC make international news! (Hope it won't be an embarrassment :))

arn said:
which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn
Click to expand...

Yes, but iOS 7 has a feature that is supposed to prevent exactly that:

http://www.itproportal.com/2013/06/...-apples-ios-7-iphone-theft-prevention-system/

If you can bypass Touch ID and reset the phone before the owner can use Find My iPhone, then you can sell it. Or can you? I'm not sure if you can disable Find My iPhone if you bypass Touch ID.

It would also be interesting to know if it has to be a 2400dpi photograph of the finger, or if you can just steal the phone along with the (fingerprinted) coffee mug next to it at Starbucks and create the fake finger from that.

(All that being said, I still want a 5s just for Touch ID…)
 
Last edited:
So everything needed here

First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Click to expand...

is considered "everyday items?" So they are assuming everyone is MacGyver?
 
Here we go... Cue all the nay sayers who will complain about how insecure the newest iPhone is and how Apple just can't get anything right any more!

I mean really... Are we really that concerned that our friends, family, coworkers, whoever, are going to covertly obtain our finger prints and then go through all of this trouble so that they can do what? Download apps to our phone? Read our texts and emails? Send out tweets and status updates from our account?

Seriously, the only true way to not ever have a possibility of someone getting into our accounts is to just not have them. For the average person, a finger print scanner like on the 5s is much more secure and convenient than any other option. I'm not really concerned by this.
 
The sheet he has on his finger looks like it is clear. How do we know its not just scanning his finger through the paper?
 
Do we have any proof that it simply isn't still reading the finger's fingerprint through the transparent plastic sheet?

Because the process they claim to use sounds like it would fool an optical fingerprint reader, which Touch ID isn't.

Touch ID uses a radio-frequency capacitive sensor that only works with live body parts, as previously explained by Mashable.
 
arn said:
which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn
Click to expand...
Wiped and sold is "only" theft, they still protect the original user of the phone. Impersonating someone else by unlocking the phone and using his account for everything and fingerprint authentication would be a bit more severe.

The methods they´ve used are kinda ridiculous though. Getting a 2400 dpi scan of your fingerprint should be a bit hard, unless the guy really wants his fingerprint to be stolen.
 
Jesus, the phone is reading the print through the clear film through to the actual finger.

Show us a break-in with just a photo or the print on paper or whatever.

This one USES THE PERSON'S ACTUAL FINGER.

Not sure why this isn't completely obvious?
 
Would be more interesting if they could do it with prints left on the phone's surface.
 
MacRumors said:
[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


The Chaos Computer Club claims to be able to bypass Apple's new Touch ID fingerprint sensor using everyday items and a photo of the original user's fingerprint. The bypass is demonstrated in this short video:

YouTube: video
The system is detailed in a how to which requires obtaining the original user's fingerprint:Apple's new iPhone 5s includes a fingerprint sensor called TouchID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users, however, can continue to use a pin or password as an alternative to the fingerprint sensor -- though that is arguably even less secure than duplicating someone's fingerprint.

Article Link: Chaos Computer Club Bypasses Apple's Touch ID System
Click to expand...

well.. first of all the video does not show how they photographed the fingerprint.. did they lift it up from the touchID (ala CSI /FBI /Police) then photographed it?

second, they will need to chop off the user's finger in order to obtain a print.. and which is already being done by the "professionals" (mafia, yakuza and the others)... that part is scary -

from a security perspective, I think apple employed a decent deterence on iphone theft. remember, there is no 100% full-proof security ...
 
For those mentioning 4 digit passcodes, there is a somewhat hidden feature for longer digit only passcodes. Most people know about complex passwords, but don't want to type on the full keyboard to get into their phone. But if you create a complex passcode that is only digits it will still use the number pad for passcode entry, but you can have as many digits as you want!
 
This doesn't surprise me at all. CCC was able to do this with PC laptops with finger print sensors more than 10 years ago. Apple, ignorant as always, couldn't care less about security concerns.
 
I call BS on this. The fingerprint scanner specifically reads at the sub-dermal layer. I really doubt glue would fool it. I'm going to guess that he had already registered his other finger, and the paper has nothing to do with it.

Also, that guy needs to lay off the caffeine a bit.
 
crawler1975 said:
well.. first of all the video does not show how they photographed the fingerprint.. did they lift it up from the touchID (ala CSI /FBI /Police) then photographed it?

second, they will need to chop off the user's finger in order to obtain a print.. and which is already being done by the "professionals" (mafia, yakuza and the others)... that part is scary -
Click to expand...

http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en

That documents how the fingerprint is obtained.

arn
 
Rogifan said:
How is a 2400 DPI photograph of someones fingerprint an everyday item? I'm sorry but this is click bait pure and simple. :rolleyes:
Click to expand...

I agree. I would like to see the "house hold items" bit removed from the story on the Front Page. They are not just using a piece of tape. I know it says a photo AND household items, but it's a bit deceiving IMO.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back