The biometrics hacking team of the Chaos Computer Club

laurel-and-hardy.jpg
 
It's not about getting into your phone. It's about VERY easily getting a VERY high resolution copy of your fingerprint, along with all your other personal info. With 3D printing, it will be very easy to either impersonate you or frame you for anything.


This says it all. It's yet another major software flaw and why it is becoming hard to trust Apple with your personal information.


:apple:
 
I'm out. Continue the revolution without me.

----------

Chaos Computer Club - Causing not so much chaos since 1981. Now I'm done.
 
Swipe vs. touch

I think I remember reading that swipe fingerprint sensors (you swipe your finger across a thin band, like the Eikon II) are less vulnerable to this technique compared to touch fingerprint sensors (where you put your fingerprint on top of the sensor). Maybe just because with a swipe finger sensor you are not leaving a deposit on the sensor that could be lifted. But maybe there are other reasons like the slight deformation of your fingerprint that occurs as you swipe your finger that would then be difficult to reproduce from a lifted fingerprint.

Does anyone know anything about this?
 
I don't see how this is a big deal. Someone can also knock you out and use your fingers to unlock the phone.

While it's not hard to lift a fingerprint, it is difficult to lift it off your phone where you smudge your face oils, your finger oils all over it.

You need only 1 print and then use Photoshop to clean it up. Then you have a good print of a high-profile target like Tim Cook or Paris Hilton. Sammy would love to read Timmy's emails.
 
This says it all. It's yet another major software flaw and why it is becoming hard to trust Apple with your personal information.


:apple:

Are you serious? It's not a software flaw for a bad guy to have ultra high rez 3D reproductions of your fingerprints.
 
When I clock in at work, other people's fingerprints will work about as well as your own.

Not that I'm comparing technologies, I just find it frickin' hilarious.
 
Seems like everyone is also forgetting that Touch ID stops working the second the phone is locked for more than 2 hours.

Pretty sure this measure is in place to prevent thieves from having abundant amounts of time to attempt to extract your prints and reproduce them some way.
 
Seems like everyone is also forgetting that Touch ID stops working the second the phone is locked for more than 2 hours.

Pretty sure this measure is in place to prevent thieves from having abundant amounts of time to attempt to extract your prints and reproduce them some way.

Only 2 hours? Not 48 hours?
 
This says it all. It's yet another major software flaw and why it is becoming hard to trust Apple with your personal information.


:apple:

I was under the impression that biometrics, at least where it pertains to fingerprints, are very much a hardware thing. Also, it is really hard to trust any company with personal information anymore thanks to Snowden's revelations re: the NSA.
 
Do you think Schlage pre-informs customers about lock picking, or even more importantly bump keys? Do you think they don't know about it? Most people have no clue how easy it is to bypass the locks. Is it bad faith that they don't pre-inform?

How about that Apple can back door your password? Do they pre-inform you? Bad faith?

I think you judge way too harshly the ethical requirements.

The situations are not analogous. No lock-maker suggests that no other key but the original, not even a facsimile of sufficient precision, can open the lock nor permit their product to be reported in such a way without clarification. Second, the variability of lock quality can be combatted by replacing those locks with better locks, equipped with countermeasures, or augmenting them with additional security features. No such options exist with the iPhone, nor is Touch ID intended for combined use with a passcode, beyond those instances where it is required and never sequentially. Lastly, the security expected of Touch ID must be commensurate with the amount of sensitive information or financial harm that can be done immediately should it be circumvented. Someone having a key to your house does not immediately mean that someone can have access to your financial information, passwords, etc. The same cannot be said in the case of bypassed Touch ID. Admittedly, Touch ID may only be presently used in direct purchases from the App Store or iTunes. Given the apparent ease with which it seems to have been broken, one must ask then if such a policy were a necessity rather than a laudable commitment to segregative security.
 
You need only 1 print and then use Photoshop to clean it up. Then you have a good print of a high-profile target like Tim Cook or Paris Hilton. Sammy would love to read Timmy's emails.

You'd have to hope that the print you got is registered for that particular iPhone and then that the phone isn't locked down beforehand. Then again, if Sammy really wanted to read Timmy's emails, there are probably many remotely exploitable means to get at them that don't involve stealing Timmy's iPhone. Just sayin'
 
Next iPhone will incorporate Touch ID and retina scan while the user voices a password over FaceTime that Siri translates into Dutch to a secure server in the Netherlands rerouted to Ed Snowden in Russia for final verification.

On a serious note, I am certain Apple will respond with a software patch.

This is not enough... Apple needs to implement one more security innovation on top of this innovation and that is "blood DNA-quick verification". This will work like a diabetic glucose test machine - once you give Apple your blood for scan/DNA verification - all your blood signature DNA will be translated into a 500-year-old Transylvanian language and then sent to Romania for verification and storage :D
 
Given the apparent ease with which it seems to have been broken, one must ask then if such a policy were a necessity rather than a laudable commitment to segregative security.

Dude, it is not the end of the world, just don't use it if you have top secret info in your phone. This is intended for folks that don't even have a passcode set up.
 
This is not enough... Apple needs to implement one more security innovation on top of this innovation and that is "blood DNA-quick verification". This will work like a diabetic glucose test machine - once you give Apple your blood for scan/DNA verification - all your blood signature DNA will be translated into a 500-year-old Transylvanian language and then sent to Romania for verification and storage :D

Haha funny. That will just reinforce the Samsungites' assertions that they'll be cutting off our fingers to read our emails. Morons.
 
This says it all. It's yet another major software flaw and why it is becoming hard to trust Apple with your personal information.


:apple:

Not at all. The procedure is akin to accessing horn from an Andean mountain goat and mixing it with a feather from an albino raven from Alaska's Brooks Range, boiling them in a solution of sassafras roots and then chanting a voodoo phrase.

Kudos to the folks who accomplished the bypassing for persistence and creativity, but this result should have little impact on the iPhone 5S users other than the tinfoil hat crowd.
 
which is in itself ridiculous. Phones get stolen and then wiped and sold. You are not that precious a snowflake that someone who steals your phone, wants to read your texts. :)

arn

Clearly someone has used this method to access Arn's profile.

But seriously, this is as bad as Nicolas Cage putting on your face and sleeping with your wife, and her liking it more.
 
The situations are not analogous. No lock-maker suggests that no other key but the original, not even a facsimile of sufficient precision, can open the lock nor permit their product to be reported in such a way without clarification. Second, the variability of lock quality can be combatted by replacing those locks with better locks, equipped with countermeasures, or augmenting them with additional security features. No such options exist with the iPhone, nor is Touch ID intended for combined use with a passcode, beyond those instances where it is required and never sequentially. Lastly, the security expected of Touch ID must be commensurate with the amount of sensitive information or financial harm that can be done immediately should it be circumvented. Someone having a key to your house does not immediately mean that someone can have access to your financial information, passwords, etc. The same cannot be said in the case of bypassed Touch ID. Admittedly, Touch ID may only be presently used in direct purchases from the App Store or iTunes. Given the apparent ease with which it seems to have been broken, one must ask then if such a policy were a necessity rather than a laudable commitment to segregative security.

Did you read the article? Ease with which it was broken? You are being ridiculous. It's no feat your average thug is capable of, nor your above average thug.

Besides, you can lock your phone with a very long, more secure password and disengage the four-digit password and the fingerprint login, so your entire argument is WRONG.
 
Wtf

Umm. I would like to see someone else use the latex copy other than the guy whose fingerprint unlocks it.

If it is indeed sub-dermal, couldn't it have unlocked simply due to it picking up the legitimate finger through the latex copy???

:p:p:p
 
OK, so how do we know he didn't register that fingerprint prior to the video? Doesn't it store a few different prints?

Either way, by the time you went through all the trouble to make this fake print, the victim could easily wipe the device, report it stolen and have the PO PO pick you up. I'm just happy Apple is making attempts to reduce the crimes.
 