Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPhone 6 Touch ID Still Vulnerable to Specialized Fake Fingerprint Hack

jrswizzle said:
Newflash, no current security measure isn't vulnerable to a sophisticated, targeted attack by a skilled/knowledgeable individual or group.

My credit card info was just stolen last night.....I can tell you right now I am so ready for Apple Pay and will be actively trying to avoid places that don't accept it. At least until the chip/pin is viable here in the US. The few places where it works are apparently unbearably slow and inefficient.

Luckily for me, giving up shopping at Wal-Mart won't be too difficult....lol
Click to expand...

That and using iWork apps on a larger more mobile screen are what pushed me over to the 6 Plus.

I doubt any spur of the moment criminal is going to go through all of that trouble to get into my phone and steal my GBs upon GBs of slow mo video of me kissing my wife.

I can't wait for Apple Pay myself. Even in Baltimore Maryland, the county and city, there are TONS of terminals just waiting for me to wave my phone and go.
 
TsunamiTheClown said:
Isn't this a "Real Fingerprint" hack?

I think that the title is a bit misleading just like the last article on this dubious vulnerability.
Click to expand...

That's a good point. A very good point. The title almost suggests that "any old fake print" not belonging to the owner of the phone will work. And that's clearly not the case. I've seen this decline in quality reporting from both MacRumours and AppleInsider as both websites have brought on new writers.
 
jrswizzle said:
Newflash, no current security measure isn't vulnerable to a sophisticated, targeted attack by a skilled/knowledgeable individual or group.

My credit card info was just stolen last night.....I can tell you right now I am so ready for Apple Pay and will be actively trying to avoid places that don't accept it. At least until the chip/pin is viable here in the US. The few places where it works are apparently unbearably slow and inefficient.

Luckily for me, giving up shopping at Wal-Mart won't be too difficult....lol
Click to expand...


the use doesnt use the chip thing in the cards yet?
 
What a load of rubbish. Its technically possible to do lots of things. Are they going to actually happen? No
 
Lord Hamsa said:
And the number of times this "hack" has actually been used successfully in the wild is...?
Click to expand...

And the number of :apple: Pay transactions you have done so far is...?

So far there just hasn't been any sufficient gain to justify the effort in the wild. That could quickly change! Although I admit a criminal would rather cut off your fingers (all of them, just to make sure) after stealing your iPhone, rather than undergoing the effort to extract any fingerprints from you...

On the other hand, if you're in the bar, leaving all your fingerprints on glasses, and maybe leaving your iPhone on the table nearby...
 
till213 said:
And the number of :apple: Pay transactions you have done so far is...?

So far there just hasn't been any sufficient gain to justify the effort in the wild. That could quickly change! Although I admit a criminal would rather cut off your fingers (all of them, just to make sure) after stealing your iPhone, rather than undergoing the effort to extract any fingerprints from you...

On the other hand, if you're in the bar, leaving all your fingerprints on glasses, and maybe leaving your iPhone on the table nearby...
Click to expand...

If the iphone is on to pay for something find your iphone will work and you have nothing to worry about.
 
Can any process that requires hours of work and physical access to the phone really be called a vulnerability?

When will Apple prevent my phone being vulnerable to being hacked by Tom Cruise as he's suspended from a wire through a hole in my ceiling?
 
Good idea! Encourage people to avoid the MOST secure option in favor of LESS secure options!

(Yes, a fake fingerprint is possible to make in theory. But is it possible to make quicker than the victim can remote wipe the phone? Also, you don't get unlimited tries, making fake fingerprints a gamble at best. Especially if what they have is a fingerprint they think is probably yours but don't know which finger it is! SO many stars have to align for such a crime to work--compared to simply saying "give me your phone and code or else.")
 
Last edited:
coolfactor said:
The guy contradicts himself in his own report. First he says there's been little improvement made to the sensor, and then he says that the sensor's resolution has likely been improved making it less likely that a poorly cloned fingerprint will work. Ummm, wouldn't that qualify as a little improvement to the sensor since it was fooled just as easily as the original? Duh.
Click to expand...

I don't think there's any contradiction at all. The guy actually explains himself fairly well. If you edit your question, it becomes rhetorical. ;)
 
nagromme said:
Good idea! Encourage people to avoid the MOST secure option in favor of LESS secure options!

(Yes, a fake fingerprint is possible to make in theory. But is it possible to make quicker than the victim can remote wipe the phone? Also, you don't get unlimited tries, making fake fingerprints a gamble at best. Especially if what they have is a fingerprint they think is probably yours but don't know which finger it is! SO many stars have to align for such a crime to work--compared to simply saying "give me your phone and code or else.")
Click to expand...

I blame MR for the fear mongering headline. :eek: The information contained in the post is a bit more reasonable. Even the hacker states the sky isn't falling and his method is only useful in a specifically targeted attack; a surreptitious attack. "Gimme your phone and code" is a different type of attack altogether.

I would encourage people to read the post instead of the headline and any fear would be alleviated. <-- That's a general statement not an implication that you didn't read the post. Your reputation precedes you, so I know you did.:)
 
jrswizzle said:
Newflash, no current security measure isn't vulnerable to a sophisticated, targeted attack by a skilled/knowledgeable individual or group.

My credit card info was just stolen last night.....I can tell you right now I am so ready for Apple Pay and will be actively trying to avoid places that don't accept it. At least until the chip/pin is viable here in the US. The few places where it works are apparently unbearably slow and inefficient.

Luckily for me, giving up shopping at Wal-Mart won't be too difficult....lol
Click to expand...

Hilarious. What you really mean is you’ll use it where convenient. But down the road where they have a half price sale yet don’t have TouchID, you’ll conveniently forget that the competitor shop is less secure.

----------
bwillwall said:
In other news, if somebody gets your passcode they can get into your phone.
Click to expand...

Your passcode, (mine’s a ten digit mixture of caps/lower case, numbers and symbols but could easily be more), can easily be changed. I’d suggest more easily than your fingerprint. A lot more easily.
 
nathan.l.larsen said:
If the hacker were to want to use this with Apple Pay, wouldn't they also need to have the person's phone as well?
Click to expand...
Their phone and a forensic duplicate of their finger print. I think its easier to lift their passcode off of finger smudges in the screen.

This "report" is complete FUD!

The only way this is an issue is if cops get your phine and you refuse to unlock it. Maybe they can take it in a lab and forensicaly unlock it.

For payments this is MORE secure than anything else.
 
MacRumors said:
…..The sky isnt falling. The attack requires skill, patience, and a really good copy of someone's fingerprint -- any old smudge won't work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it's highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual.

Article Link: iPhone 6 Touch ID Still Vulnerable to Specialized Fake Fingerprint Hack
Click to expand...

Even though the sheer possibility gives reason to pause, I think the highlighted sentence above is the important thing to remember. This hacking of TouchId is too complicated, difficult and cumbersome to happen on mass scale, so for most of us it's reasonably secure.

The ears of the NSA are no doubt perked up though.
 
coolfactor said:
That's a good point. A very good point. The title almost suggests that "any old fake print" not belonging to the owner of the phone will work. And that's clearly not the case. I've seen this decline in quality reporting from both MacRumours and AppleInsider as both websites have brought on new writers.
Click to expand...

Well honestly i totally understand why MR runs many of the stories that they do, and while my expectations are managed as to what calibre of writing I will encounter on a self-proclaimed rumors site, there is still the odd article that is well written, thoughtful and informative now and again (e.g.. the third-party keyboard article earlier this week).

Your point about the writing is well taken. I think that the title to this article could be much more subtle and still bring this "hack" lol to the community to discuss.

----------
Gasu E. said:
Tthe President of the USA should definitely avoid storing the nuclear activation codes in the iPhone.
Click to expand...

Lol are they still "0000" these days or what?
 
Call W and tell her to put Q on the case stat!


yawn, even 'bump proofs' locks are bump-able w the proper knowledge.
 
Bacong said:
This is not news. Why even report this? Average person sees "Touch ID vunerable" and doesn't use it. Meanwhile, the contents of the article, just as last year, CLEARLY indicate how extremely difficult and unlikely this is to ever occur to anyone, or that it's even worth the effort, or possible to do quickly enough before the phone is remotely wiped (the function of which I'd hope anyone who has sensitive information on their phone is aware of)
Click to expand...

Not normally one to criticize Macrumors, but I agree. Articles like this do more harm than good. Geez.
 
Only a forensic tech can pull this off. If you are not a person of interest in any investigation, fear not. This article will touch off a storm of paranoia, such that people would look funny and suspicious wiping off every object they touch in publc.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back