Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

[bflowers]

With that shaky a hand, he must be faking this!

I was wondering how much caffeine or other drugs he was on when he made the video.

 

[bretm]

which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts.

arn

Get into ones email access and you could pretty much have access to their whole world.

 

[meistervu]

It's actually not easy to get a good complete finger print off most surfaces. Here is a challenge: try to lift a finger print off an ordinary surface: glass, mouse, etc and authenticate the phone with it. It's not as easy as what you see on TV.

 

[kenwk]

Honestly this touch ID thing is for PPL who:
1) Don’t use any passcode in the first place
2) Tired of using passcode for everyday usage
If you are so important with top secret info in your phone then use a real password, end of story.

Also are there really anything that is 100% secure?

 

[kdarling]

I remember reading that it was impossible to use anything but the real finger on this because it scans lower layers of the finger.

Yes, you and many others did read that. The trouble was, someone took the fact that it could read subdermal ridges, and mistakenly turned that around into a false requirement that there MUST BE subdermal ridges.

Bad logic.

The sensor is just a dumb antenna array. It doesn't know what kind of material it's reading the signal from. Could be human. Could be animal. Could be live. Could be dead. Could be Play-Doh or wood glue.

It only "sees" subdermal ridges if it's reading a finger. Otherwise, it "sees" whatever material is there. The image it builds up from the antennas, just has to match up within the range of what is acceptable to it.

Think of it this way: could you figure out a way to fool an X-ray into thinking it imaged a bone? Yeah, of course you could. Same principle. The X-ray machine itself has no idea what material you're using to cast the shadow.

 

[CL4W]

This is getting ridiculous! What common thief has a 2400 DPI imagine/printing tech? Bottom line is its an added level of security, and majority of thief's WILL NOT go through the trouble of doing whats stated in the video.

 

[Michael Scrip]

Chaos Computer Club is a very reputable organization. Read about them on Wikipedia.

On the other hand... Common Street Thugs are not a very reputable organization.

Let's hope they don't start using scanners and Photoshop!

 

[lordofthereef]

You know, this video isn't proof they did anything. You can teach the phone up to five fingerprints. They easily could have just taught it that other fingerprint earlier.

I am not saying they are lying, but the video wasn't really cut and dry proof.

Also, did the demonstrator have a gun to his head. Parkinsons? What gives?

 

[jinspin]

Relax dude, apple has done a great thing with touch id in the home button, itll provide much improved security for MANY people, and its safer then a passcode(only at night when your sleeping you are vulnerable) but are you going to be sleeping around untrustful people?


This will prevent alot of information from being stolen from people, no longer will people be able to look over your shoulder on the train or behind you and rob your phone and get into your phone because they peaked at your screen

Sure touch id isnt fool proof, and has its concerns, but its geniunely a great thing they added, tons of people DONT have passcodes on their phone but its so simple to scan your finger


...the REAL concern should be on how safe is the Touch ID encryption/TrustZone encryption thats new in the new ARMv8 architecture and whether people can geniunely get your finger print from the phone

It will be worthwhile for thieves to target rich people, corporate espionage and even celebrities like Paris Hilton to get their info. Especially if mobile transactions thru fingerprint security becomes mainstream which is Apple's plans. Steal iphone of rich person or Paris Hilton, lift fingerprint off Home button or glass screen, make mold - the thief is in and can go buy stuff online or sell sexy photos to National Enquirer.

The point is Apple touts Touch ID as secure to make people feel very comfortable just using TouchID when determined thieves and jealous spouses now have means of breaking in and getting at information like emails and photos and mobile transactions. That would be worth a lot to certain organizations and people.

 

[digizure]

Take it easy on caffeine and nicotine!

 

[furi0usbee]

Now it's getting stupid... This write up is pointless.

We needed you by page 3.

----------

Take it easy on caffeine and nicotine!

I do feel bad for that guy. Maybe the guy with the steady hand on the camera should have demoed the this super-easy to use and practical method of bypassing Apple's Touch ID.

 

[sclawis300]

You know, this video isn't proof they did anything. You can teach the phone up to five fingerprints. They easily could have just taught it that other fingerprint earlier.

I am not saying they are lying, but the video wasn't really cut and dry proof.

Also, did the demonstrator have a gun to his head. Parkinsons? What gives?

It is actually Michael j fox.

 

[i.mac]

Not sure how a software patch will fix a hardware issue.

Then you're not an engineer.

 

[furi0usbee]

This guy will love the new image stabilization Apple has built into the video function of the Camera app.

 

[wxman2003]

This is why you use multiple fingers. Hard to lift an accurate print from the device, if you have touched the sensor with different fingers. The fingerprint residue will be that of several fingers.

 

[Lannoc]

In my 44 years of existence, nobody has ever lifted my fingerprint for the purpose of impersonating me. I don't know why they would do it now just because I have an iPhone 5s?

 

[MisterPunchy]

0001, 0002, 0003, 0004, 0005, 0006, 0007, 0008, 0009, 0010, 0011, 0012, 0013, 0014, 0015, 0016, 0017, 0018, 0019, 0020, 0021, 0022, 0023, 0024, 0025, 0026, 0027, 0028, 0029, 0030, 0031, 0032, 0033, 0034, 0035, 0036, 0037, 0038, 0039, 0040, 0041, 0042...wait, what?

 

[lordofthereef]

It is actually Michael j fox.

LOL, look back a couple of pages and find my comment. You might enjoy it.

 

[furi0usbee]

CCC = Coffee, Cigarettes, Convulsions

 

[MacMilligan]

Hold still while I use this DSLR with a $1000 macro lens to get a perfect picture of your finger so I can bypass your phone with a latex mold.

 

[furi0usbee]

In my 44 years of existence, nobody has ever lifted my fingerprint for the purpose of impersonating me. I don't know why they would do it now just because I have an iPhone 5s?

Imagine the thief who goes through all this trouble and brings all his gear, to finally track down his target... only to find out the guy has an iPhone 5 and NOT the s??? That's priceless. Two thumbs(prints) up!

----------

Hold still while I use this DSLR with a $1000 macro lens to get a perfect picture of your finger so I can bypass your phone with a latex mold.

As a thief, you can do a lot with a mobile laboratory!

 

[kdarling]

This is getting ridiculous! What common thief has a 2400 DPI imagine/printing tech? Bottom line is its an added level of security, and majority of thief's WILL NOT go through the trouble of doing whats stated in the video.

A thief who doesn't have something as common as a combo scanner/printer (about $70 at Staples, or $30 used, or free if stolen) and a computer, could just turn around and quickly sell the phone to someone who does.

Or not. As you said, most thieves don't give a hoot about breaking into the phone. They just want to resell it before it gets remotely locked down.

The scanner was not meant to be tightly secure. It was meant to be a convenience unlock feature. As you said, it's better than no or simple passcodes, which is pretty common.

 

[furi0usbee]

Hold still while I use this DSLR with a $1000 macro lens to get a perfect picture of your finger so I can bypass your phone with a latex mold.

Pretty please?

 

[wxman2003]

All of this just to steal Justin Bieber music off a teenager's phone.

 

[furi0usbee]

What if Apple put little sapphire wipers on the Touch ID so that after each use it could wipe them clean? I'm sure they would be cute little wipers.