What a pathetic and criminal waste of effort.

Eh?

I also don't understand why so many people only relate this to touch id.
The real security flaw seems to be the easy access to a powerful person's fingerprints through public photos.
 
Some people have already stated their joy at Touch ID, saying they can now check their spouse's messages and other stuff while they sleep :p;)
 
What a pathetic and criminal waste of effort.

No, more proving the point that biometrics as an end-all security is stupid at best.

It is the issue of far too many people relying on it as the end-all security.

Access to stuff should not be biometrics only. The correct security is something you know (password) and something you have (biometrics). One or the other is huge gaping holes.

----------

Exactly. TouchID doesn't have to be perfect to be useful. It just has to be better than a PIN. It's easier to look over someone's shoulder (maybe with a discreet camera with video that can be slowed down) than it is to pull and use someone's fingerprint.

Not really. They could easily lift it off of a glass you used or something you touched.
 
This is why we have 2 factor: something we have (fingerprint, token generator) and something we know - password/PIN. These systems are there to make it harder to get into something, unfortunately nothing makes it impossible to get into.

Actually, fingerprints belong to the factor of "something we are". "Something you have" is more so stuff like an electronic badge or ATM card.
 
I was under the impression TouchID used more than just your surface fingerprint? Didn't Apple say they use currents under your skin or something like that, too?
As the article stated, the same guy has shown last year that you can use an image of a fingerprint (they used a scan from the iPhone's glass surface) to make a copy that will be accepted by the iPhone. There is a summary of that, with some English text, at the end of this year's presentation: http://youtu.be/pIY6k4gvQsY?t=32m0s

The topic of the presentation discussed here was what you can do with photographs taken from a distance or with the camera of your smartphone, if that has been taken over.
 
I was under the impression TouchID used more than just your surface fingerprint? Didn't Apple say they use currents under your skin or something like that, too?

Yes, an RF type sensor like TouchID measures the transmission of a signal from the outside metal ring - through your finger - and out the subdermal ridges to the antenna grid in the middle of the circle.

But all that does is make surface abrasions less of a problem with recognition. The sensor itself has no clue how deep the fingerprint really is.

All that matters to the sensor is the relative signal strengths. That's why sticking a slightly 3D fake print on top of your own finger works.

This technique, which the CCC used to fool TouchID, was first published around 2001.
 
As the article stated, the same guy has shown last year that you can use an image of a fingerprint (they used a scan from the iPhone's glass surface) to make a copy that will be accepted by the iPhone. There is a summary of that, with some English text, at the end of this year's presentation: http://youtu.be/pIY6k4gvQsY?t=32m0s

The topic of the presentation discussed here was what you can do with photographs taken from a distance or with the camera of your smartphone, if that has been taken over.

Hmm, did read the title and article, but it's still a bit unsettling to think it's this relatively easy. Especially given how the Touch ID hardware and software costs a pretty penny on the devices that have them. FWIW, I would've been more 'fine' with something more elaborate, like a mold or something.

I did some testing with a face recognition software, and wasn't able to use a portrait printed on paper. AFAIK, the camera has a way to determine if the subject has 3D features as opposed to 3D on a flat plane.
 
I think y'all are missing the bigger picture. If you can replicate a fingerprint, you can replicate it for criminal activities. Simply apply the false print on your fingers, commit the crime, and peel off the fakes and walk free and clear (if you did a good job). Now the investigators are going to question the prints of someone else.

On a serious note, 2 factor is always the best. I have to badge in and also perform a biometric scan. My photo, name, and credentials about me appear on the screen at the front security desk.

I wish the iPhone required both fingerprint and 4 digit code if enabled to unlock it. I also wish it locked out after 3 false attempts and required a 30 min wait time. To bypass the 30 min wait time, you'd have to perform other questions/answers on your device to remove the 30 min wait time.
 
What a pathetic and criminal waste of effort.

Not at all. Many have stated that by obtaining someone's registered fingerprints (birth certificate, mug shots and military ID) and the right image processing technology, you can get a fingerprint to compromise a fingerprint scanner.

Just with a high resolution photo of a fingerprint is damn impressive work.
 
Actually, fingerprints belong to the factor of "something we are". "Something you have" is more so stuff like an electronic badge or ATM card.

You're right, so we have "something you have/are" (which can be stolen and the Chaos club are showing stealing what you are is becoming easier for the determined person) and something we know (and as long as it's not an easy password/PIN hopefully something that takes a long time to crack).

Even with these reports of being able to fake fingerprints and fool systems, I'm looking forward to Apple Pay coming to the UK and being able to use it - once my contract with my 4s expires and I can upgrade!
 
What metric are you using to determine that it's the best? I use TouchID, I know it's not the best, but I still use it. I know passwords are the best (various medium-sized business owners I know use 8 character passwords on their phones, rather than the 4 digit number code). I imagine something long like that, that requires you to be awake to enter would be more secure and "best".

The best security has to be convenient enough for people to use, but strong enough to be a deterrent. In that case an 8 character password is arguably more secure, but also more likely for people not to use it. Why do I say arguably? Because people have a tendency of forgetting their passwords and therefore choose weak passwords that are easy to guess. In that case a password of 87654321 isn't going to be more secure than TouchID.

The point is that TouchID can't be cracked by guessing or looking for smears on the phone, it takes a drawn out process that requires time and skill. That combined with the convenience of use and the deterrent factor make it the best...imo.
 
I think y'all are missing the bigger picture. If you can replicate a fingerprint, you can replicate it for criminal activities.

Yep, I'm waiting for the first TV show or movie to use a faked print to incriminate someone (or provide a fake alibi!!) by using Apple Pay at the scene of a crime.

On a serious note, 2 factor is always the best. I have to badge in and also perform a biometric scan. My photo, name, and credentials about me appear on the screen at the front security desk.

I wish the iPhone required both fingerprint and 4 digit code if enabled to unlock it.

Apple seems to have thought of the same thing. Witness their patent on using a combination of TouchID plus rotating the fingertip to "dial" combination lock numbers.
 
I think y'all are missing the bigger picture. If you can replicate a fingerprint, you can replicate it for criminal activities. Simply apply the false print on your fingers, commit the crime, and peel off the fakes and walk free and clear (if you did a good job). Now the investigators are going to question the prints of someone else.
Good god, just wear gloves.

This ongoing fingerprint "hacking" remains the dumbest waste of time around security I've ever seen.
 
What a pathetic and criminal waste of effort.

Typical Apple fanboy...

Does something against Apple or points out something interesting about technology middle related to Apple...

Then they are criminals wasting THEIR time.

HAHA fanboy.
 
Typical Apple fanboy...

Does something against Apple or points out something interesting about technology middle related to Apple...

Then they are criminals wasting THEIR time.

HAHA fanboy.
Try having 2 thoughts at a time. It may hurt at first, but you'll get used to it. Maybe you can even move on to 3.
 
If you need the Touch ID so badly for your covert operations, why not just pass the person up in a dark alley and threaten them?

It's not like it's a remote hack if you need the device anyway. By that time I'd have nuked my device from home.
 
Just use Slo Mo Camera

Isn't this obvious? Make an old-fashioned ink fingerprint and digitize it for FBI files or snap a photo directly...that is what a fingerprint means by definition. I mean the TSA uses fingerprint cameras every day. Errr and your iPhone sensor.

Hot spit. This is no surprise.

However, casually getting a 'quality' photo and then an iDevice and making it work reliably for a guy walking by on the street... not likely.

Same with facial or eye scanners. Nothing is bullet proof. Not even the nuclear deterrent. But it is a deterrent.

Certainly a lot better than having a guy at the table watch you type in 4 numbers on a BIG keypad.

All Modern Smart Phones have a SloMo camera mode. Capturing a pin would be child's play compared to a fingerprint from multiple angles.
 