This possibility and the solution were already discussed before this hack video came out. Simple solution - only program Touch ID to recognize the tips of your fingers that you would normally touch the home button with anyway. It is highly unlikely that you will leave usable prints of the tips of your fingers on accessible objects since you don't ordinarily touch things that way. Certainly not on the case of your phone and any prints on the touch screen are likely to be hopelessly smeared, if they are even readable at all.
 
People do this... Disable the control center from the lock screen.

I think that this action alone basically invalidates whatever concerns people have about the fingerprint scanner.

Yes, CCC showed that in theory you can bypass TouchID using a copy of a fingerprint.

Now, here's the reality: if somebody steals my phone from me, I guarantee that I'll have the thing locked via iCloud before he can take my phone back to his lab, extract my fingerprints, scan them, construct the duplicate, and unlock my phone.

With control center disabled on the lock screen, the only way to disable Find My iPhone will be to turn it off-- and then the phone will require a passcode anyway when it's turned back on.
 
So a thief walks into a Starbucks where an iPhone 5S and a Samsung Galaxy S4 are sitting next to each other. He notices the owner of the iPhone 5S is using the fingerprint scanner. Guess which phone he steals?

Both.
 
Hate to be "that guy," but if the phone has control center access from the lock screen enabled, then you can just enable airplane mode and work on the phone without it being remotely wiped.

But yeah, if you're concerned about security, then you'd disable the control center from the lock screen.

Taking the SIM card out is the obvious and easiest way to disable the remote wipe and lock. From that point on, it's all up to the hacker to get into the phone.
 
Hahahaha. Nice job Apple.

Are you serious??? This requires a lot of pissing about, and assumes that you have a high-res photo of the original user's fingerprint; something that basically NOBODY is going to have sitting around. Get a ****ing grip. This cannot even vaguely be considered a genuine security threat.
 
Photograph a fingerprint dusted with graphite at 1200DPI and then laser print it at 2400DPI, or just crack a 4 digit passcode? Which sounds easier to you?
 
I love it...another silly security gimmick that gives the boys something to do until they crack it and move on to the next silly security gimmick. :D
 
For all the people who are decrying that this is a failure- what do your homes look like? Do you have protective walls, industry grade security systems, guard dogs, etc.? If not, a thief *could* get in. At what point do you decide that your home is secure enough that it is not worth adding additional effort to yourself, detracting from your home's look, and paying for the additional security? The fingerprint technology here is an improvement- an additional barrier that improves security. Nothing is foolproof.

Some people here are so fanatical that even when an evident failure in an Apple product (or offering) is shown, they swear it's right no matter the evidence pointing in a different direction. The most iconic case was the iPad mini (many people here spelled out every argument against 7-8" tablets and how useless they were, then Apple launched the iPad mini, ohh awesomeness).

When the fingerprint scanner was just a rumour, many people here attacked it as: Impossible, Apple will never... (the same ridiculous arguments as ever); now the same people are against the evident limitations of the tech (and because it is only one of two selling arguments of the iPhone 5S, which lacks features compared with rivals' rich offerings).

So far, the Touch ID sensor is a nice feature, not bad to have, but in no way is it the panacea of security nor a hardcore safety feature; it's just an improvement necessary for LAZY USERS THAT NEVER USE A PASSCODE, but in NO WAY IS IT A HARDCORE SAFETY MEASURE; it's JUST A BIT BETTER than FACE UNLOCK (security-savvy Android users don't rely on face unlock either).

We have to decide when purchasing our devices what level of security is worth achieving. I would say the threat to an iPhone could be described in three levels:
A) A specific, concentrated attack against the specific user. This could mean having valuable government or corporate secrets on the phone, or it could mean the type of thing like a crazy ex or legitimate spouse checking into cheating (don't really feel sorry for you there).

A well-known situation: just don't use Touch ID to unlock the device; use only a long passcode instead.

B) Organized crime. Not "the mob" but a group of criminals that could pool their resources to have the types of technology like dedicated fingerprint scanners and printers described above and the time to dedicate to such an attack.

iOS 7 Activation Lock may be a better deterrent than Touch ID, for sure. BTW, devices stolen by organized criminals too many times end up at repair houses as spares (screens and cases usually cost a few hundred), and that is where most stolen devices end up (if they can't edit the IMEI).

I owned a Galaxy S4, rooted and loaded with Cerberus. Criminals assaulted me, and (Cerberus offers a similar grade of protection to Activation Lock) I managed to remotely erase the phone (keeping Cerberus to inform the police), but the phone only reported one location; then I assume it was dismantled (no way to know where it is). It would be a similar situation if the stolen device were my iPhone (now I'm using my old 4S until the Note 3 intl is released; I'll replace my stolen S4 with a Note 3).

C) The common thief

Not immediately, but in the mid term, common thieves will stop targeting cellphones once Activation Lock, Knox, Cerberus and other solutions cover a large enough volume of devices to end the "GOLD FEVER" on stolen high-end smartphones. Anyway, stolen spare parts will still deliver profits to thieves, but to a much lesser degree (1/8).

The iPhone does a pretty good job of protecting somewhere between a B and C level of threat.

No, it just improves safety for lazy users; actually iOS 7's Activation Lock is the best anti-theft deterrent on the iPhone.

The iPhone is in no way designed to defend against an A level of attack. If someone tracked your movements, had access to several areas where your print could be found, was a government or corporation bent on stealing your secrets, etc., I think it is safe to say they could get into your phone, fingerprint sensor or otherwise. If not, they would try your home instead.

iPhones lose by far on this level of attack; only Android devices with an encrypted file system provide enough protection of the information, and of course a long unlock code is mandatory.

The B level is the critical point, and more questions need to be answered now. The attack shown is an interesting proof of concept, but as I see it, it's no worse off than a passcode. I don't think it would be too easy to get the detailed scan described above from an unwilling source. An organized group could develop a mini fingerprint scanner and could force it on someone in a dark alley, but that is already more difficult than just swiping a phone off someone. Again, if you could force someone to provide a scan of their fingerprint, you could force them to give you their passcode just as easily. If you think you have something on your phone that is worth the risk of death or torture, see threat level A and get a different security plan.

Actually it's too easy to get a good-quality fingerprint: criminals only need a clean glass with your fingerprints, a few chemicals that are easy to find, and special latex gloves (easy to find too), just a bit of chemistry. Of course, as a proof of concept, CCC doesn't need to develop such tools (easy to load in a mint box); they only need to prove Touch ID can be defeated.

The next logical and important step is to see exactly how difficult it is to infiltrate a phone using prints typically found on the device. Specifically, we need to see:
A) Could a print found on a device be used to unlock the device?
B) How likely is it that a good enough print can be found on a random device?

Unlikely, very hard to find the right one with enough quality, so a bit of social engineering or a violent forced fingerprint sampling is required to get a clean fingerprint.

C) How long would the process take per phone?

A few minutes if the thieves are loaded with the chemicals and required tools.

With that info, we could gauge the real practical benefit of the fingerprint scanner. If one in two devices has a good print and it takes an hour with a do-it-yourself kit to unlock a phone, then you might face B and even C level threats. If one in five devices has a good print and it takes four hours per phone, then only a really sophisticated, well-organized B-level threat might be able to do this in a financially viable manner by stealing several phones and trying this multiple times and breaking enough devices to make a profit. And they would have to be interested specifically in data mining the target- not just selling the device, which would likely mean a different operation altogether. If it is more difficult, it would likely not be worth the effort at all. Keep in mind that the phone won't accept fingerprints after a certain amount of time as well.

Your secrets may be saved, but your device will surely end up at some repair house as a source of spares. All the iPhone contents may be deleted (including Touch ID) through a System Restore (as we do when removing a jailbreak to install an iOS update).

So, let's see that next experiment. It's good to be cautious, but I'm hopeful that while the fingerprint scanner is not perfect like any other secure device, it is likely that it will be so difficult to break that it won't be worth it for even organized criminals.

NO, and here is where the iPhone's popularity and HIGH value PLAY AGAINST it. When carriers started to ban stolen devices by IMEI, "IMEI REPAIR KITS" soon appeared on the market, software/hardware tools that allow changing an IMEI, and this happened in less than a year (with a lot of internal cooperation from some employees or infiltrated criminals); and given the low tech required to defeat Touch ID, it will surely take much less time for some "kits" to clone fingerprints to be on the internet.


BTW in the near future, as soon as root measures such as Activation Lock (iOS), KNOX/CERBERUS/KITKAT/OTHERS (Android), ??/Windows Phone protect enough devices to lower the attractiveness of stolen high-value smartphones, the related crime rate will stay high.

It's just a little step in the right direction, just OVERRATED BY APPLE'S ADVERTISING, because the iPhone 5s lacks real INNOVATION.
 
This is funny.

This method was used shortly after fingerprint scanners were introduced. That's why top security access usually requires a passcode, badge scan, fingerprint and/or retina scan. It's easy to fake one, but requiring 2 or 3 methods to be 'accepted' to gain entry is much tougher. Similar to what the web has with 2 factor auth.

It's just funny how it becomes explosive since it's Apple.
 
This isn't even news. If you have a security measure, it will be decrypted. I think the vocal majority on this issue needs to learn that they are not such special snowflakes they make themselves out to be. Nobody with access to the technology required to crack your fingerprint scan is dying to read your texts or emails.
 
This actually gives me more confidence in the feature. Anything that requires more hoops to jump through in an effort to discourage sticky-finger opportunists from reselling my phone is an awesome thing.
 
I really don't understand what all the fuss is about. Unless you have the nuclear codes on your phone, you really shouldn't worry so much. If your phone gets stolen, you can render it useless before they have time to lift and copy any prints. Moreover, it's probably safe to say that TouchID will only improve in the future.
 
It's funny how there are so many people panicking about this. You are nothing special.

The ones who should be worried are either already trained killers or have an army behind them.
 
Can not understand lousy marketing of this.

If these geniuses are about to show the world their hack 'o the year, at least they should use generic language like English. But Germany, what the hell !?

Steve Jobs would roll over in his grave for this kinda thoughtlessness.

Same goes for them Russian bastards.
 
yawn...


 
The iPhone 5s won't let you use a fingerprint without a PIN, if you haven't used it for 48 hours.
Fixed that for ya.

Thanks but not exactly. I know about the 48 hour fingerprint timeout. The poster I was replying to was urging people to NOT use JUST a fingerprint... to please use a PIN number as well. I was pointing out that you can't even set up a fingerprint without enabling Passcode lock and creating a PIN.
 
This is all rather silly. I don't think the point of the fingerprint scanner is to provide government-grade security for storage of vital secret information. It's to improve the overall security and convenience of the phone for consumers. Right now I imagine that the vast majority of users do not use a passcode at all or use one that is too short because the inconvenience of constantly unlocking the phone outweighs what they judge to be a slight risk to their privacy. There is no doubt that for those users a fingerprint sensor will greatly increase the security of their phone and therefore will greatly increase the overall security of iPhone users as a group. And that's all it's intended to do.
 
Thanks but not exactly. I know about the 48 hour fingerprint timeout. The poster I was replying to was urging people to NOT use JUST a fingerprint... to please use a PIN number as well. I was pointing out that you can't even set up a fingerprint without enabling Passcode lock and creating a PIN.

The current implementation doesn't require both fingerprint and passcode; fingerprint only, up to 48h.

It would be nicer to be able to require both fingerprint and passcode to unlock; this would increase the security level, and in case no fingerprint is available, use a long passcode or unlock via iTunes (connected to the mother PC).
 
Quick question. Do these lifted fingerprints still leave fingerprints? Where I am going with this is, why can't a company that has been making touch friendly gloves add unique identifiers to their gloves to allow for unlocking?

Or heck, why couldn't they produce a ring that does the same thing?
 
I think that this action alone basically invalidates whatever concerns people have about the fingerprint scanner.

Yes, CCC showed that in theory you can bypass TouchID using a copy of a fingerprint.

Now, here's the reality: if somebody steals my phone from me, I guarantee that I'll have the thing locked via iCloud before he can take my phone back to his lab, extract my fingerprints, scan them, construct the duplicate, and unlock my phone.

With control center disabled on the lock screen, the only way to disable Find My iPhone will be to turn it off-- and then the phone will require a passcode anyway when it's turned back on.

Exactly.
And even if they try to wipe it - they need the apple userID/pw.

The only thing I am not certain of - can the thief pull the SIM (instead of powering off), then use all the time they need for a fingerprint?
Even so - if trying to do a wipe it would still need the apple id/pw...

----------

Taking the SIM card out is the obvious and easiest way to disable the remote wipe and lock. From that point on, it's all up to the hacker to get into the phone.

Still need Apple ID/PW when plugging it into iTunes to do a wipe.
 
how about this..

Beyond adding the ability to employ a print scan and pin code in tandem, it seems like it would be fairly simple for Apple to issue an update that allows the security conscious to opt for a coded series of fingerprint scans (i.e., thumb, thumb, index finger, ring finger). That would be pretty damn hard to crack in any reasonable amount of time.

Or, if you happen to be a super spy or a drug cartel kingpin, might be worth using your toe print lol.
 