Exactly. Incredibly low risk in the real world, particularly with a reasonable time limit before passcode required.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
- Thread starter MacRumors
- Start date
- Sort by reaction score
Exactly. Incredibly low risk in the real world, particularly with a reasonable time limit before passcode required.
Wait just a minute there Apple!
You mean, if I clone someone, rapidly age them, drug them in case they don't want to cooperate, and place their finger on the sensor I can access their phone!?!?
EPIC SECURITY FAIL APPLE!!! EPIC!!!
I'm getting right on this. Will post results after I try to make a sandwich. I have failed 3 times already this morning (at the sandwich, not the cloning, aging, drugging thing... that will be MUCH more complicated...)
You mean, if I clone someone, rapidly age them, drug them in case they don't want to cooperate, and place their finger on the sensor I can access their phone!?!?
EPIC SECURITY FAIL APPLE!!! EPIC!!!
I'm getting right on this. Will post results after I try to make a sandwich. I have failed 3 times already this morning (at the sandwich, not the cloning, aging, drugging thing... that will be MUCH more complicated...)
You realize, of course, that after 5 failed attempts to make a sandwich, you are locked out of your kitchen.
Good luck with that cloning thing. No cheek swabs from me!
It looks like he only registers his index fingerprint but puts the sheet on his middle finger.
If anyone wants to put that much time and effort into unlocking my phone after stealing it, they can have it. The phone would be wiped clean by then.
ok so they employ a similar method on how a police gets the prints... but still only a determined criminal will do all of these for an iphone .. for an average crook who only wishes to resell the phone for profit - this method is cumbersome / lengthy ... and there is another feature on ios7 where you cannot just wipe the device clean without your passcode (again this assumes that the user setup this feature via "find your iphone")
Last edited by a moderator:
I dont think the point of Touch ID is to protect nuclear launch codes with James Bond level security. It's a simple solution for those of us that are too lazy to enter a passcode every time we unlock our phone, and therefore don't bother to set one up. I admittedly am one of those people, and am excited to have a more convenient way to secure my phone.
last time i checked you can register up to 5 fingers(not all at the same time).. what makes you think he didnt register that middle finger already ?
The print can be lifted directly from the glass on the phone, or any other surface the user has touched with his enrolled finger (bottle, coffee mug, door handle, etc). As is explained here: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en
I don't see this too complicated. I have worked with different fingerprint scanning technologies for well more than a decade, and there are ways of fooling systems, no matter how "secure" they seem. On some of the earlier capacitive sensors, it sufficed with just breathing on the sensor to "activate" the last fingerprint. Optical sensors were even easier to fool. A combination of optical and capacitive are more difficult, but still fairly easy to fool. In all, most biometric security systems for consumers are easy to break.
Last edited:
how is this bypassing if you new the person to gain access. so if I pull out a gun and demand your debit card pin number, would this be considered "bypass" ATM security? ... how about if I take your house key and make a copy of it, hey look i just bypassed your lock.
once some gains access without the person then i'll be impressed.
once some gains access without the person then i'll be impressed.
Clever boots. If real, I hope they get their reward. Hard to believe that a technique this simple was totally overlooked by Apple. Isn't it just the first thing you would try?
Does it make a difference to me? Not really. I view all passwords and biometrics as useful against casual theft only.
Will it make a difference to others? Maybe. Biometrics is the kind of difference that Apple can exploit cus' it needs hardware and software working together. Now Google and Micro are heading into hardware, like Apple. But if the biometrics is not convincing, it's not a sales proposition.
Might sell a heckava lot of "printless" iPhone cases. Eh?
Does it make a difference to me? Not really. I view all passwords and biometrics as useful against casual theft only.
Will it make a difference to others? Maybe. Biometrics is the kind of difference that Apple can exploit cus' it needs hardware and software working together. Now Google and Micro are heading into hardware, like Apple. But if the biometrics is not convincing, it's not a sales proposition.
Might sell a heckava lot of "printless" iPhone cases. Eh?
I'm not surprise by this simple hack, however Apple should've done lots of research how to hack iPhone in every possible ways by using hardware and software.
People out there aren't fools Touch ID is 100% joke.
People out there aren't fools
Touch ID is 100% joke.last time i checked you can register up to 5 fingers(not all at the same time).. what makes you think he didnt register that middle finger already ?
Would CCC do that to publish a phony video? For what reason? 15 minutes of fame and then an eternity of shame?
Does anyone remember how with in 48 hours of the phone not being unlocked it wont use the fingerprint anymore anyway? Also when it turns off. Even if they could get a perfect scan of your print how long would it take them to get it and set this up? This is something no one should really care about. O did i mention Find my iPhone's remote wipe paired with the new ios 7 activation lock? I mean really.....
So it's that simple...
Not as easy as a punch to the face to use you actual finger.