Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
If you can just lift the fingerprint and scan it (my 12yo scanner does 2400dpi), then yes, you can do it without anything fancy.

Honestly, I'm not surprised that this is already broken. What I am surprised about is that Apple uses something "public" about you, the fingerprints you leave everywhere, as key to your Apple account. Keys should be secret, or very difficult to obtain. Your fingerprint certainly isn't.
 
While he might have "successfully" (which I am highly skeptical. Wouldn't it make more sense for him to give the latex fingerprint to SOMEONE ELSE that wasn't him to prove that anyone could use it?) bypassed the fingerprint lock, there are a couple things to keep in mind here.

1. If the phone is reset, you have to enter a passcode before you can start utilizing the fingerprint scanner.

2. If you haven't used the fingerprint scanner in 48 hours to log into the phone, it reverts to the passcode lock and wipes the fingerprint data. (so how long does it take to make these fake fingerprints?)

3. While he was able to log into the phone, he still doesn't have access to the fingerprint data that is stored in the secure enclave on the A7 chip.

I would have been MORE impressed if he was able to actually extract the data for the fingerprint from the secure enclave. Isn't that the point of this contest??? Not whether or not you can replicate a fingerprint?
 
I'm not sure I see the major problem. Still seems easier to look over your shoulder to find out a four letter code. I still think the fingerprint sensor offers vastly improved security. I think this must be considered within the context. The iPhone shouldn't be considered a top class security item you should be able to comfortably leave all alone as a CIA employee.
 
Please look at the video carefully, folks - he is using a different finger for unlocking the phone with the fingerprint copy.

I agree this hack should be replicated by others as a next step, but have no reason to expect anything than confirmation because generelly, the CCC has proven to be competent in what they do over over the last decades.
 
First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

The average thief will not go to this trouble. They will say too hard and move on. And that is the market of thieves Apple is trying to kill here.
 
So let me guess this right.. First they have t steal my phone right ? then somehow copy my fingerprint then go thru all that trouble to unlock it? LMFAO Come on.... You call that bypassing? Must be a slow day in the news world...
 
I agree. I would like to see the "house hold items" bit removed from the story on the Front Page. They are not just using a piece of tape. I know it says a photo AND household items, but it's a bit deceiving IMO.

But then there would be no need for a front page story and thus no page clicks.
 
For those mentioning 4 digit passcodes, there is a somewhat hidden feature for longer digit only passcodes. Most people know about complex passwords, but don't want to type on the full keyboard to get into their phone. But if you create a complex passcode that is only digits it will still use the number pad for passcode entry, but you can have as many digits as you want!

Yes, my company has a custom iPhone security profile that requires at least 8 characters *and* a mix of letters / numbers :( I would be thrilled if I could just use 4 digits!
 
If this is the level of effort one has to go through to defeat Touch ID, I want it even more. It's a great deterrent to thieves and snoops.

Hopefully Apple puts it on all their iDevices.
 
This reminds me completely of the original Mission Impossible TV show (and the first movie) where they used latex images of fingerprints lifted off people. Of course it'll happen, will it happen to you? Likely not. EXTREMELY likely not. :rolleyes:
 
Same person who registered also used the photo print supposedly. I bet another unregistered won't work
 
It's funny how the Apple fanboys try to deny the fact that it's pretty easy to bypass the security of their new gadget. I own Apple products myself so don't get me wrong. But the CCC isn't a joke that claims stuff they didn't test. You just need a fingerprint on a bottle or something like that. And as someone already pointed out. Most of your scanners do 2400 dpi so no problem.
 
This is a workaround, not a hack bypass

This is not a true hack, it is a time intensive, elaborate, and costly workaround that could not be don't if they had not started with a print, then made a synthetic copy of the print.

What is a true hack. I want to hand these guys my phone and see if they can hack into it using nothing more the my print left of the home button, or some other software hack that accesses the stored print in the A7 chip.

I'm guessing this will prove to be nearly impossible, or so difficult that it is not even worth the effort of trying.
 
It's funny how the Apple fanboys try to deny the fact that it's pretty easy to bypass the security of their new gadget. I own Apple products myself so don't get me wrong. But the CCC isn't a joke that claims stuff they didn't test. You just need a fingerprint on a bottle or something like that. And as someone already pointed out. Most of your scanners do 2400 dpi so no problem.

How again is it "pretty easy"??
 
While he might have "successfully" (which I am highly skeptical. Wouldn't it make more sense for him to give the latex fingerprint to SOMEONE ELSE that wasn't him to prove that anyone could use it?) bypassed the fingerprint lock, there are a couple things to keep in mind here.

1. If the phone is reset, you have to enter a passcode before you can start utilizing the fingerprint scanner.

2. If you haven't used the fingerprint scanner in 48 hours to log into the phone, it reverts to the passcode lock and wipes the fingerprint data. (so how long does it take to make these fake fingerprints?)

3. While he was able to log into the phone, he still doesn't have access to the fingerprint data that is stored in the secure enclave on the A7 chip.

I would have been MORE impressed if he was able to actually extract the data for the fingerprint from the secure enclave. Isn't that the point of this contest??? Not whether or not you can replicate a fingerprint?

Yes, I was thinking the same thing.

I'm under no illusions that it's unhackable, but using it himself shows nothing really.

He should have at least shown it using a different finger!

Edit: just realised he DID use a different finger. Ignore me :p
 
You just need a fingerprint on a bottle or something like that.
And your phone. Anyone could take everyone´s fingerprint already. But for what exactly? Apple has given the tech junkies another target toy to play with and they like it.
 
Essential iphone thief tool bag: scanner, printer, latex, milk, glue and some sleeping pills to put the owner to sleep while working...
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.