1/10 (10 digits on the number pad) x 1/4 (four possible digits) = 1/40.
Nope. 4 digits with 10 possibilities per digit = 10 x 10 x 10 x 10 = 10,000 possibilities.
Well there goes the FBI, CIA and Her Majesty's Secret Service orders.
You do realize that the fingerprints left behind have never been replicated so a reader would recognize them. They are made of oil and damage easily. A fingerprint analyst will look at 15-20 characteristics while a scanner will scan hundreds to thousands. Nor does a lifted print have anywhere near the DPI necessary to replicate.
Not to mention the complexity caused by the fact that you really need the mirror of the print to duplicate it.
No real fact? Besides that the biggest hackers club in Europe showed it can be done. You know it isn't a fake? Because? I'm only hoping for the truth. You on the other hand seem to want this to be true, and don't really care that you have no real facts to base your opinion on.
You may be right or you may be wrong...deal with it.
couple of hours, you say
let's see
for a 4-digit PIN we have 10000 combinations
you can make only 3 mistakes, after that you have to wait for 5 min I think
so at very least it will take around 6 min for 3 attempts, max time
around 20000 min = 333 hours, ok 300 hours
so good luck with that
You do realize that the full document on CCC's site that goes into the process and how it was accomplished used a latent fingerprint left behind on an object.
As a police officer friend of mine once told me, lifting prints is "so easy even a cop can do it".
Please look at the video carefully, folks - he is using a different finger for unlocking the phone with the fingerprint copy.
Somebody went to a lot of trouble to prove nothing
The layer 'scanned' by the capacitive sensor is, indeed, under the skin. However, it is not so far 'under the skin' that the shapes differ significantly from the surface, and it doesn't do some uber-high-tech cellular scan or anything. What the 'under the skin' 'scan' buys isn't extra security, it's resilience to surface skin damage (such as paper cuts).
Decent fingerprint readers these days do some 'life checks' which include a capacitive requirement similar to a human finger, temperature readings, and possibly even pulse-detection. These can all be 'faked' by making sure the print overlay is thin enough to pass through your own natural capabilities, but thick enough that it won't read your own print behind the fake.
It would be interesting to find out if folks who don't have visible fingerprints (due to any number of reasons) might actually still have the underlying structures in a form detectable by these scanners. I'll have to check with my M-i-L if she upgrades to a 5s, she's lost her fingerprints to 50+ years of playing guitar.
Two points.
First, on average you'll only have to try half of those combinations, so that's only about 160 hours or so.
Second, as others have pointed out in this thread, you can often get an idea of which digits are pressed most often by looking at the oil patterns on the screen of the phone. (In much the same way as you can get the fingerprint, but involving less equipment.)
That essentially reduces it to a 4x4x4x4 problem, which only takes a maximum of 256 combinations, putting it *firmly* into the same time frame as the fingerprint method described here. There's also the possibility of unobtrusively 'shoulder surfing' a 4-digit pass code. You can't really do that with a fingerprint.
The fingerprint is, when you factor everything in, about on par (but a little better) than a 4-digit PIN in the worst-case scenario, and potentially much better.
It's still much worse than a decent alphanumeric pass code, and shouldn't be considered hardened security by any measure.
Here we go! This is bad news!
If you have 4 smudges on screen it would suggest that each digit in the PIN is different so wouldn't that come down to 4 x 3 x 2 x 1 = 24 combinations?
You could run those in under an hour.
And who's to say that finger wasn't already taught?
It seems more likely the scanner is reading through the material.
Can someone with an iPhone 5S in front of them please confirm or deny this thesis by a simple experiment. Does your print still register when you cover it in a few layers of cling film, for example?
This confirms or disproves nothing.
There is no reason to believe a respected group such as CCC would go around faking something like this. Really people, get real.
It is far more likely that they found a way around Apple's fingerprint system. Albeit a very convoluted way, that might not work well in the real world.
I just used this video as a basis for AT&T to refund my money and reinstate my upgrade. Without a truly secure system this update has nothing for me. Maybe iPhone 6 will bring more stuff.
Get real, indeed.
I've never heard of the CCC before now, so unlike yourself, I have a myriad of reasons to question the veracity of their claims.
And to offer a counter-point, I say that it is far more likely that they are a "hacker club" of linux-neckbeards who'd just love to be a spoiler on Apple's fancy new technology, even if it meant fudging the numbers a little bit.
This is all fake! He still used his finger the whole time. The sensor in the phone is very sensitive and will see right through that latex. If he would have used something other than his FINGER you might have something. Also, why is he shaking so bad? What is he afraid of?
Oh please. What about the fact that the CCC is a highly reputable hacker organisation whose experts work in parliamentary commissions? And the member who demonstrated the Touch ID hack has worked with sensors like this one for at least 10 years. It seems ridiculous to insinuate that they would risk their reputation for this.
And who's to say that finger wasn't already taught?
(apologies if this is mentioned later in the thread - haven't made it through all of them and wanted to get my thought out)
It seems more likely the scanner is reading through the material.
Your password you can change once it's been stolen, your fingerprints stay the same for your entire life and you leave them everywhere. If you touch a can of soda in a bar everyone with a bit of basic knowledge can take a high-res photograph of it and print out your fingerprints in 3D within 30 minutes.