Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)
- Thread starter MacRumors
- Start date
- Sort by reaction score
This video is BS. I'm switching to 9to5 Mac. So tired of Mac Rumors posting bait and click stories. Everything else they post comes from other sources first. So long. I'll let the door hit me on the way out to speed up the process.
Why are people surprised by this, like its news? Here's a tip, if someone comes up to you ands asks you to make a 2400dpi scan of your finger, say no.
This isn't a hack, this is still the reader responding to a perfectly accurate facsimile of the owner's fingerprint. And no one else's.
If you leave your phone at the AMC or Bar, tell me how this is going to work for the finder of your phone?
This isn't a hack, this is still the reader responding to a perfectly accurate facsimile of the owner's fingerprint. And no one else's.
If you leave your phone at the AMC or Bar, tell me how this is going to work for the finder of your phone?
The CCC is to some degree the German equivalent of the Electronic Frontier Foundation in the US. They are not some random web site. They would not fake such a thing, as the EFF wouldn't do it. The have way too much reputation built up over a lot of years that they would risk that for flash publicity.
These sophisticated scanners that you described probably cost way more than the whole iPhone. I suspect that sensor in iPhone costs about two bucks.
A SledgeHammer
Now that im thinking about it, all you need to open my front apartment door is a SLEDGE HAMMER, available at all hardware stores for 20$.
Somehow, i still feel secure. Damn Apple, they told us it was secure! All you need is the finger in question, a 2400 dpi scan and a 17 step process that have 17% chance of working. So much for my iphone security...
Now that im thinking about it, all you need to open my front apartment door is a SLEDGE HAMMER, available at all hardware stores for 20$.
Somehow, i still feel secure. Damn Apple, they told us it was secure! All you need is the finger in question, a 2400 dpi scan and a 17 step process that have 17% chance of working. So much for my iphone security...
Yeah, because getting a 2400 dpi photo of someone's fingerprint and going through this is so easy. Unless you've got top secret info on your phone, who the hell is going to go through the trouble? And in that case, you could probably just hold the person at gunpoint or something to get the passcode anyway. Nothing is 100% secure. This isn't news.
THIS is the problem...
A simple three step process to unlock ANY iPhone
You don't even need access to the user or even need to know who owns the phone because the owner likely left the "un-lock key" all over the phone in multiple places
A simple three step process to unlock ANY iPhone
- Get stolen iPhone
- Lift a finger print from the back of the iPhone or from the glass (Most iPhone users do not wear gloves and leave finger prints all of the glass and the backs of their iPhones
- Use the lifted finger print to unlock the phone.
You don't even need access to the user or even need to know who owns the phone because the owner likely left the "un-lock key" all over the phone in multiple places
They do not to need to make 2400dpi scan of your finger. They can make 2400dpi scan of your fingerprint. That's a big difference.
BTW, I am fairly sure that the resolution of Apple's scanner is way lower than that so it's not clear if this high resolution is even required.
This is not true with iOS 7, not with Apple's new Activation Lock feature. If you lock out your iPhone, the person has to have your Apple ID & password to activate it, even if it is wiped/DFU mode, etc. It's finally true theft prevention, no one can steal your iPhone and use it anymore. Someone can't steal it to sell it because the person buying it can't use it.
http://support.apple.com/kb/HT5818
Yeah, the guy is definitely shaking his hands because he knows he's doing something wrong.
All I know is that by the time someone gets your phone, gets a good copy of the fingerprint you use, and goes somewhere alone to do what they are doing, you'd have the iPhone wiped clean.
Sorry, but there are so little reasons to be concerned over this, it's not even worth the energy discussing.
NeXT topic.
All I know is that by the time someone gets your phone, gets a good copy of the fingerprint you use, and goes somewhere alone to do what they are doing, you'd have the iPhone wiped clean.
Sorry, but there are so little reasons to be concerned over this, it's not even worth the energy discussing.
NeXT topic.
aww, its sounds so easy
well the its pretty simple, if someone gets ur fingerprint, your iphone will open if you are using touchID
How hard is that to understand.
well the its pretty simple, if someone gets ur fingerprint, your iphone will open if you are using touchID
How hard is that to understand.
And how exactly do you plan on "lifting" the print? Because so far, it seems like the video has set the bar for how "easy" it is to lift it properly....
Not so simple anymore, huh?
Yes, as I wrote above, you simply "dust" the entire iPhone then place it in a 2400 DPI scanner. Now you have a 2400 DPI photo of the last person to use the phone's fingerprints.
Yes. It is worth the hassle. For two hours of work you get to sell a phone for like $200. Or maybe even better, there is credit card or paypal info on the phone.
Lets accept that this technology is an autocratic governments wet dream and that it is dead now! Too much uncertainty.
Like Apple products but hate that their doing this to their customers
Like Apple products but hate that their doing this to their customers
Most likely it's not that relevant for common thieves (as you can still remotely wipe the device), but for situations in which someone already has your fingerprint (i.e. the government).
Assuming this method is legit, which I'm still highly skeptical of.
The funny part indeed is that if one follows Apple's presentations s/he might think that iPhone's scanners checks something deep under the skin (i.e. not ever a fingerprint per se) but in reality it turns out that the scanner is just your regular primitive fingerprint scanner (i wonder if they intentionally avoided using "fingerprint" in the feature name and went with vague touchID instead to fool people into thinking there is more to it than just fingerprint)
The same why police "lift" prints from glasses in bars, car door handles, brass shell casing and so on. They have been doing this at crime scenes for nearly 100 years. No computers or high tech gadgets are required. I think the technique involves some kind of power and a paint brush.
My bet is that almost every iPhone user uses the same finger to unlock the phone and to select icons on the glass screen. So his un-lock print will be left of the front glass in many places.
This is on par with Apple lately.
Tell us that the fingerprint scanner uses infrared to read layers beneath the surface, yet it doesn't...
Then you have a day one lock screen bypass... Which they had to know about... just like every other iOS release with a lock screen workaround.
They are also bricking Apple TV's...
Jesus, Apple...
And no, I'm not concerned about my fingerprint or phone but that's not the point now is it...
Tell us that the fingerprint scanner uses infrared to read layers beneath the surface, yet it doesn't...
Then you have a day one lock screen bypass... Which they had to know about... just like every other iOS release with a lock screen workaround.
They are also bricking Apple TV's...
Jesus, Apple...
And no, I'm not concerned about my fingerprint or phone but that's not the point now is it...
There is a simpler method. If they chop your finger, they will definitely be able to unlock the phone (contrary to some claims in the media)
Most likely faked - especially considering the fingerprint of the 'hacker' was already entered into TouchID.
If not totally fake, how would one get a fingerprint clean enough to be scanned at 2400 dpi without the original user being present? The proper digit's fingerprint used for TouchID, no less.
All they may be able demonstrate is you can "hack" your own iPhone with TouchID registered to your own fingerprint. Whoopee.
If not totally fake, how would one get a fingerprint clean enough to be scanned at 2400 dpi without the original user being present? The proper digit's fingerprint used for TouchID, no less.
All they may be able demonstrate is you can "hack" your own iPhone with TouchID registered to your own fingerprint. Whoopee.
This is an issue with any fingerprint security and not just with the new iPhone 5S.
There was a Myth Busters episode which showed that a fingerprint could be photographed, blown up in black and white, then the image cleaned up, then the image reduced to normal size and it could fool the fingerprint security device.
It's a limitation of this kind of tech if someone with patience, time, expertise and equipment gets hold of someone's fingerprint.
There was a Myth Busters episode which showed that a fingerprint could be photographed, blown up in black and white, then the image cleaned up, then the image reduced to normal size and it could fool the fingerprint security device.
It's a limitation of this kind of tech if someone with patience, time, expertise and equipment gets hold of someone's fingerprint.