I used my wang. Simply slide my phone down the front of my pants, voila - it's unlocked.
----------
It's safer than 2-factor authentication! 2-person authentication! Quick - get a patent on that!
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Chaos Computer Club Demonstrates How to Reproduce Fingerprints Using Public Photos
- Thread starter MacRumors
- Start date
- Sort by reaction score
I used my wang. Simply slide my phone down the front of my pants, voila - it's unlocked.
----------
It's safer than 2-factor authentication! 2-person authentication! Quick - get a patent on that!
A solution exists ...
Fake finger detection (aka liveness detection) solutions exist that can protect fingerprint sensors from being "spoofed" by artificial fingerprints created from latent prints. See www.nexidbiometrics.com for one example.
Fake finger detection (aka liveness detection) solutions exist that can protect fingerprint sensors from being "spoofed" by artificial fingerprints created from latent prints. See www.nexidbiometrics.com for one example.
Chaos Computer Club Demonstrates How to Reproduce Fingerprints Using Public P...
Isn't this obvious? Make an old fashion ink fingerprint and digitize it for FBI files or snap a photo directly...that is what a fingerprint means by definition. I mean the TSA uses fingerprint cameras everyday. Errr and your iphone sensor.
Hot spit. This is no surprise.
However causally getting a 'quality' photo and then an iDevice and making it work reliability for a guy walking by on the street,,,not likely.
Same with facial or eye scanners. Nothing is bullet proof. Not even the nuclear deterrent. But it is a deterrent.
Certainly a lot better than having a guy at the table watch you type in 4 numbers on a BIG keypad.
Isn't this obvious? Make an old fashion ink fingerprint and digitize it for FBI files or snap a photo directly...that is what a fingerprint means by definition. I mean the TSA uses fingerprint cameras everyday. Errr and your iphone sensor.
Hot spit. This is no surprise.
However causally getting a 'quality' photo and then an iDevice and making it work reliability for a guy walking by on the street,,,not likely.
Same with facial or eye scanners. Nothing is bullet proof. Not even the nuclear deterrent. But it is a deterrent.
Certainly a lot better than having a guy at the table watch you type in 4 numbers on a BIG keypad.
Last edited:
I was under the impression TouchID used more than just your surface fingerprint? Didn't Apple say they use currents under your skin or something like that, too?
People warned me that my penchant for posting fingertip photos to Tumblr was going to get me in trouble - but did I listen?
The point is not has anyone done it, but is it possible. And now we know it is possible. As for the government -- if you are arrested you will have your fingerprints recorded; if you are a teacher, you will have your fingerprints recorded, if you have any type of clearance you will have your fingerprints recorded. You will be amazed at how many people actually have fingerprints on file. Taking pictures is just the latest way to compile a fingerprint without consent.
How do we know it's possible if nobody has actually done it? I'd like to watch this process from beginning to end; from obtaining all the high resolution photos required, turning those photos into a 3D fingerprint and then successfully using that fingerprint to unlock the phone. Has anyone actually seen that process end to end? And I'm not talking about a YouTube video that can be easily edited/faked.
Has anybody of you actually saw the presentation? I know it is in German, but there should be an English translation.
It's not that they made pictures of thumbs and eyes to collect the fingerprint and iris infomation. They just used photos from press conferences (the thumb in this news post is from Ursula von der Leyen, taken at one of her press conferences).
And cameras are getting better and better. In a few years even with a smartphone you can make pictures, hi-res enough to get these details.
And of course a 4 digits code is not secure, but why don't use something longer, like 6 or 8 digits. It is much harder for somebody to spot.
The biggest advantage of a passcode: If it gets compromised and other people now it: You can just change it! Try this with your fingerprint. If someone gets a copy of your fingerprint, this authentication method is compromised forever, you can no longer use it for your phone, laptop, door, etc.
It's not that they made pictures of thumbs and eyes to collect the fingerprint and iris infomation. They just used photos from press conferences (the thumb in this news post is from Ursula von der Leyen, taken at one of her press conferences).
And cameras are getting better and better. In a few years even with a smartphone you can make pictures, hi-res enough to get these details.
And of course a 4 digits code is not secure, but why don't use something longer, like 6 or 8 digits. It is much harder for somebody to spot.
The biggest advantage of a passcode: If it gets compromised and other people now it: You can just change it! Try this with your fingerprint. If someone gets a copy of your fingerprint, this authentication method is compromised forever, you can no longer use it for your phone, laptop, door, etc.
I'm trying to get the slides, but the links don't seem to work. So basically my question is, did they actually unlock an iPhone using this technique? It seems like all they did was make a fancy picture of a fingerprint and implied that it *could* unlock an iPhone.
Where's the proof?
Where's the proof?
Because the people I hang out with would not even think of going into my iPhone if I left it unattended. Maybe the up voters live similar.
Oh yeah I did that too. Some people say it's not as convenient as your finger but that's a ton of bs. Like right now I'm at Burger King. When I took my phone out of my pocket all I had to do was put my foot on the table, take off my shoe, take off my sock, then place my big toe right on the home button and I was in. For some reason people constantly ask me if I ok. But damn is my phone secure!
False headline: they did NOT find a way to use "simply" an ordinary extreme close up photo of the correct finger in good lighting. They found a way to use that (which is itself hard to obtain) instead of a physical object, as the STARTING point for the process. Actually manufacturing a working fingerprint copy (which they can only try a few times, in Apple's case) still requires specialized equipment and skill, time and money.
A lot more time than it would take me to remote-wipe.
Worth being aware of if you're a high profile target of planned and well funded espionage. But hardly surprising or new information, and doesn't change the value of touch ID for everyday users.
And they don't seem to have successfully unlocked an iPhone with it anyway!
A lot more time than it would take me to remote-wipe.
Worth being aware of if you're a high profile target of planned and well funded espionage. But hardly surprising or new information, and doesn't change the value of touch ID for everyday users.
And they don't seem to have successfully unlocked an iPhone with it anyway!
I think this is the scariest aspect - law enforcement using the decades-old fingerprinting process as a vector for unlocking personal data. I won't be surprised to see digital fingerprinting come onto the scene soon, unless there's laws already in place that mandate analog (manual ink-based) printing to avoid digital manipulation and abuse?
TouchID isn't meant to keep James Bond, Ethan Hunt, or Jim Phelps out of your phone.
So yeah it can be hacked. Not really a concern for us peons.
----------
Irrelevant in the US. No need for them to go to all that trouble; they can simply compel you to unlock the phone with your actual finger.
https://www.macrumors.com/2014/10/31/fingerprints-not-protected-by-fifth-amendment/
So yeah it can be hacked. Not really a concern for us peons.
----------
Irrelevant in the US. No need for them to go to all that trouble; they can simply compel you to unlock the phone with your actual finger.
https://www.macrumors.com/2014/10/31/fingerprints-not-protected-by-fifth-amendment/
Sure is. I find that checking out at a grocery store and watching the people in front of me punch in their debit card numbers is very easy to see over 90% of the time. Same with people logging into their non-touchpad cell phones.
https://www.macrumors.com/2014/10/31/fingerprints-not-protected-by-fifth-amendment/
The police don't need to take a photo of your finger, they can just take your finger (not off your hand, but connected to it).
I've taken many pictures of my fingers. Of course, in each case, I was trying to take a picture of something else at the time.