Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Chaos Computer Club Bypasses Apple's Touch ID System (With Copy of Original Fingerprint)

ChrisA said:
The same why police "lift" prints from glasses in bars, car door handles, brass shell casing and so on. They have been doing this at crime scenes for nearly 100 years. No computers or high tech gadgets are required. I think the technique involves some kind of power and a paint brush.
Click to expand...

Your fingerprint is already on home button. So if they can lift fingerprint off the home button like police detective and scan it that is your key right there. Does not seem like it would take too long. Not looking good for Apple. Sorry to say it is Fingergate and future of mobile transactions using fingerprint scanning going down drain!
 
I think the social hacker would have an easier time figuring out the simple passcode. If you can get a 2400dpi fingerprint photograph I think you are close enough to just copying the passcode instead... :p
 
You do realize that the user's fingerprints are going to be all over the phone, right? So the code that protects the data on the device is written all over the device itself. You don't need a picture of the person's finger.

So if someone takes another person's phone for the purpose of accessing their private data, then it's a matter of lifting the print, duplicating the print, and unlocking the phone. Not that it's trivial, of course, but it would probably be a reliable method.
 
benji888 said:
If you lock out your iPhone, the person has to have your Apple ID & password to activate it, even if it is wiped/DFU mode, etc. It's finally true theft prevention, no one can steal your iPhone and use it anymore. Someone can't steal it to sell it because the person buying it can't use it.
Click to expand...

I don't lock my phone to STOP someone from stealing it. (They don't know I've locked it). I lock my phone so someone stealing it doesn't get access to my data.

Even if they don't want my data, they could still screw with it:
- delete all my phone numbers / appointments / notes / etc. and it syncs across the cloud to all my devices
- they could post stuff to my Facebook/twitter
- call/ text people
- reset my bank account passwords (by getting them sent to my e-mail).

Gary
 
also if you surgically remove the finger matched to the touch id you can use that to gain access to the phone... just saying, might be easier than all this photographing printing coating peeling moistening lol
 
It's still reasonably safe. If I start working as a secret agent and decide to carry state secrets in my Iphone I will not leave my phone around letting people scan my fingers and log in. For what I do now, the safety and convenience are fine.

I bet all the Android fanatics are going to rejoice like if they just won the lottery.
 
Those instructions date back to 2004. The video is of very poor quality given they've been apparently doing this for years. Hmmm,m.
 
phrk said:
It's funny how the Apple fanboys try to deny the fact that it's pretty easy to bypass the security of their new gadget. I own Apple products myself so don't get me wrong. But the CCC isn't a joke that claims stuff they didn't test. You just need a fingerprint on a bottle or something like that. And as someone already pointed out. Most of your scanners do 2400 dpi so no problem.
Click to expand...

Yes and I am sure we all have silicon printers to make the "real" fingerprint from. Don't pretend like this isn't going to extreme measures to break into the phone. The average person doesn't even know what any of this stuff means. They just hear " apple messed up again" "this sensor is unreliable" and then the stock price goes down yet again when this is probably the most secure way to lock your phone that is currently on the market. Much more so than the "drag your finger in a pattern" lock that Samsung has.
 
You need to look more closely

Come on boys and girls you're not paying attention. 8 pages of OMG they've cracked it and gloom and doom. Since when does an iPhone 4S have ID Touch?
I'm guessing none of you have seen a 5s let alone used the ID.

It's clearly a fake video and need no more that one comment and then move on.

K
 
ExitToShell said:
Most likely faked - especially considering the fingerprint of the 'hacker' was already entered into TouchID.

If not totally fake, how would one get a fingerprint clean enough to be scanned at 2400 dpi without the original user being present? The proper digit's fingerprint used for TouchID, no less.
Click to expand...

That's what I want to see them do, the whole process.

Plus, take 100 people's phones and take a reliable print and do the process, I want some numbers as to how useful this is. Also, I want them to handle the phone a little bit (as if they stole it) without rubber gloves, so that they have to eliminate fresh prints (that are on top of my prints).

Gary
 
I would like to see them allow you to use both the fingerprint and a passcode. Maybe the passcode to unlock the fingerprint? (or visa versa).

(Or just use your nose because that would be extremely difficult to find, let alone get a 2400 dpi scan).
 
Last edited:
So what. Let's not forget that it requires a clean, super-high resolution image of the user's fingertip.
 
Everything is Hackable given the resources and initiative.

I think passcode+fingerprint will become an option for some.
 
throys said:
Lol, the things people will do to get some publicity. Love touch ID and much safer and ease of use ESP using your phone in public areas.
Click to expand...
Tell me about it. :rolleyes:

People, even if someone could use this lengthy process (have you clicked on the "how-to" link in Thread post? The video does not show the steps to get the supposed fake print made, but, the link takes you to a page with somewhat vague description of how-to.), why would they bother? Activation Lock prevents them from using the phone as soon as you set it, the phone will be effectively bricked, they would need your Apple ID & password to get in. Fingerprint doesn't help here. http://support.apple.com/kb/HT5818
 
This find should fall under the "Duh!" category.

It worked in James Bond and in Mission Impossible....
 
This is why I'm locking mine w my tit and a Persian cat that I will carry around just for unlocking purposes.
 
ChrisA said:
Yes, as I wrote above, you simply "dust" the entire iPhone then place it in a 2400 DPI scanner. Now you have a 2400 DPI photo of the last person to use the phone's fingerprints.

Yes. It is worth the hassle. For two hours of work you get to sell a phone for like $200. Or maybe even better, there is credit card or paypal info on the phone.
Click to expand...

In 2 hours I can remotely erase my phone 20 times lol. And due to activation lock no one but me can use it. So, even if someone stole your iPhone 5s, by the time he would lift your print (even if it were successful), scan it, print it etc. the phone would have already been erased.
 
Not convinced this counts as a hack. Since the Touch ID was set up to read his fingerprint and since it's supposed to scan beneath your skin to ID the person, then how do we know it was reading his fingerprint through the wood glue? If another person's finger had been used to demonstrate the hack (which seems like an obvious decision to me) then I'd find it credible.

I'm not say this method doesn't work, just that this demo doesn't necessarily convince me. Even if it does work, seems like the prep time would be significant enough to give the victim apple plenty of time to contact Apple and have the phone wiped.
 
i have a easier way to do this

Just point a pistol to the owner of the iPhone and gently put his finger in the sensor....
If anything goes...this is probably easier that the "caos club method"
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back