Edited. You are right just tried on the same iPhone. No password retyping required. I saw that when doing a separateb restore.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Researchers Detail New Combination of Touch ID and iOS 7 Security Feature Bypasses
- Thread starter MacRumors
- Start date
- Sort by reaction score
Edited. You are right just tried on the same iPhone. No password retyping required. I saw that when doing a separateb restore.
and if you want access to music, you need to unlock iPhone Control center is life safer and disabling it for such thing would be overkill
Listen to.... what, exactly?
Pretty much all security can be bypassed if you have physical access to the device and enough time / money / resources / skill. Security on phones is no exception to this, indeed they can be far less secure than say a desktop as if it's stolen with other items those items often provide data to help bypass that security.
Touch ID is simply another form of pass code and all pass codes do is try to discourage the 'casual' theft of phones for resale and prevent a typical thief from accessing your data. Touch ID isn't suddenly going to turn a device into a digital Fort Knox. What it will do is actually far more useful - it removes a pain point and makes using a pass code far easier and more convenient (dare I say, even makes it a little bit fun). That, in turn, will see a far higher percentage of iOS devices having some form of security active and that will make them a less attractive target.
The only time anyone really needs to worry about this is if someone figures out a genuine bypass that removes security and gives full access to the phone that can be done simply and easily. Everything else is just grandstanding for media attention.
Apple ID 2-Step Verification Stops this
Even if they turned on Airplane mode and got the iCloud account email, Apple's 2 step verification would prevent a password reset since it also requires the Recovery Key.
Verify Your Identity: Step 1 of 2
Enter the Recovery Key you were provided when setting up two-step verification.
So, you can also protect yourself by implementing the 2 Step verification on iCloud.
Even if they turned on Airplane mode and got the iCloud account email, Apple's 2 step verification would prevent a password reset since it also requires the Recovery Key.
Verify Your Identity: Step 1 of 2
Enter the Recovery Key you were provided when setting up two-step verification.
So, you can also protect yourself by implementing the 2 Step verification on iCloud.
also enabling two step verification on your resque email will be life safer. However iCloud two-step verification isnt supported for all countries, so far no support for my country :/ while google and hotmail two step verification are working for me
I'm just pointing out what is important or not. Do you want extra security or do you want access to your music. I'm not suggesting people shut it off but if everyone is freaking out there is an option to remove access to airplane mode from the lock screen.
And once music is playing and you lock the phone you still have access to the controls to pause, fast forward and rewind, but yes you would have to start the music before you lock the phone.
I simply opened up my iPhone 5S and put a small incendiary device along the battery, which is wired to the Panic code on my home alarm system. Using the keychain remote for my alarm, I can torch my phone when it gets into the wrong hands. I demonstrated this first with an old iPhone 3G. My kids have wisely decided not take my phone without permission. They are however, always interested in the location of my keys.
Let me add a few steps/changes Apple should do:
- Do not allow phone to be turned off without passcode and/or touch ID. Passcode only would probably be better so if a they really want to copy fingerprint it won't buy them anything. This leaves only options to prevent tracking at removing battery or going into no cell service situation.
- Lock down any settings once in the phone to passcode required. I.e. Airplane Mode, etc.
- Make all options a user setting so if someone doesn't want their phone this locked down they can shut it off.
If you think about it, the settings we are talking about hardly ever get used so what is the issue making it more difficult to change these settings by putting a passcode in front of them. They already do it for passcode/fingerprint settings.
- Do not allow phone to be turned off without passcode and/or touch ID. Passcode only would probably be better so if a they really want to copy fingerprint it won't buy them anything. This leaves only options to prevent tracking at removing battery or going into no cell service situation.
- Lock down any settings once in the phone to passcode required. I.e. Airplane Mode, etc.
- Make all options a user setting so if someone doesn't want their phone this locked down they can shut it off.
If you think about it, the settings we are talking about hardly ever get used so what is the issue making it more difficult to change these settings by putting a passcode in front of them. They already do it for passcode/fingerprint settings.
i'm not important enough for anyone to go trough the trouble of unlocking my phone like that. if they take my phone, its just because they want the phone.
but if there's no lock to begin with, they will most likely sniff around.
so for me its just a convenience. a 4 digit key isn't safe either. but both are better than nothing.
but if there's no lock to begin with, they will most likely sniff around.
so for me its just a convenience. a 4 digit key isn't safe either. but both are better than nothing.
Amen to this. How many people leave literally one fingerprint on a phone and said fingerprint is full enough (as in the video above) and is not smudged in any way by other hundreds of prints on the phone? I know my phone screen is constantly covered with multiple fingerprints and there is no way a clear one like they have made would be lifted from the screen.
Seems impractical and too much of a hassle for this to even be a big deal. It's not as if some average person can easily snatch your phone and do this. By the time the thief has gotten the phone home and had several hours to do all of this this phone would have already been deactivated, remote locked, or wiped by the victim. This is something that Apple can pretty much ignore.
This is not low tech thieves' expertise but one belonging to forensic scientists. Anyone who knows how to lift my finger print deserves to hack into my phone, which stores nothing but dirty pictures. As for the phone itself, it is insured.#
No. A thief can simply turn the phone off (requires no pass code), remove the SIM card and take it away from the wifi network. Find my iPhone and remote wipe are now disabled.
Enable two-factor authentication and most of this "hack" fails. There is no way to reset the password and restore the phone, etc.
But, I do happen to like the "require pin after airplane mode" and "check erase status before email retrieval" recommendations. Hope apple implements both.
But, I do happen to like the "require pin after airplane mode" and "check erase status before email retrieval" recommendations. Hope apple implements both.
I know, what did that bullet point even mean? Don't print your password on your forehead?
*looks for eraser*
All you have to do is enable restriction with a different code than the one you use to unlock the phone and disable account changes and disable cellular changes.. That way noone can turn off find my iphone unless they know your passcode to disable/enable restrictions as well
And i thought find my iphone was built into the firmware.. Meaning if they turn it off they would still need your icloud credentials to access the phone and trust me resetting the password its not that easy... Its not the old enter old password enter the new password typ of form anymore.. All this prove its what we alrready knew.. Nothing its 100%...
And i thought find my iphone was built into the firmware.. Meaning if they turn it off they would still need your icloud credentials to access the phone and trust me resetting the password its not that easy... Its not the old enter old password enter the new password typ of form anymore.. All this prove its what we alrready knew.. Nothing its 100%...
Interestingly, some of the current optical fingerprint recognition systems have software smart enough to pick out individual overlapping prints (via FFT algorithms), in order to filter out leftover grease marks.
As for necessary print size, look at how small the sensor is. What, about 1/2" square?
So it should be possible for someone to write code to lift / photograph overlapping prints, separate out each one, and get a usable section. (And I'd put good money on the thumbprint being a registered finger.)
(I'm not saying anyone's going to bother to do the code. Just that it's not an insurmountable problem.)
Or a blade to cut off the finger of the phone's owner?
Joking aside, these fellows are just trying to get their 15 minutes of fame?
The printer is what the criminal would be carries around? Or does the criminal just carry a weapon instead?
How will one get such a perfect fingerprint on the oleophobic coating on the 5S glass? I dont even leave fingerprints like that on my GS4
Maybe if someone had their phone out you could press their finger on the screen but wouldnt you need to know which finger they registered in Touch ID?
Maybe if someone had their phone out you could press their finger on the screen but wouldnt you need to know which finger they registered in Touch ID?
Why are so many people freaking out over this? Security features on cellphones are relatively new, and ones that came beforehand were anything but foolproof. It really makes no sense because anyone can look at a phone, see the smudges, and guess the four-digit pin number. Few people are able to bypass the Touch ID.
Matter of fact, I would argue that Touch ID does exactly what it was meant to do. It increases the risks for those who would steal an iPhone while reducing the rewards. Even if the thieving party has all the equipment to bypass ios7 there is no guaranteeing that the phone has a useable fingerprint to lift, or that it is the correct fingerprint, or that the fingerprint isn't smudged during the thieving process. I think that the Touch ID is a great feature for the average person. People just need to step back and look at the whole picture instead of being pessimistic.
Matter of fact, I would argue that Touch ID does exactly what it was meant to do. It increases the risks for those who would steal an iPhone while reducing the rewards. Even if the thieving party has all the equipment to bypass ios7 there is no guaranteeing that the phone has a useable fingerprint to lift, or that it is the correct fingerprint, or that the fingerprint isn't smudged during the thieving process. I think that the Touch ID is a great feature for the average person. People just need to step back and look at the whole picture instead of being pessimistic.
That would be an improvement, but would also be defying the ease-of-use Touch-Id was supposed to bring us.
On the one hand, I'm glad these security researchers are doing this, letting us (and Apple) know Touch ID's vulnerabilities, lest we are lulled into a false sense of security, but on the other hand, it's a bit of a let down that we can't rely on this technology 100%. Maybe it was foolish of us to expect that in the first place. I'm continuing to guard my iPhone like a hawk, even if these weaknesses can be overcome, if for no other reason than a lost or stolen phone is a pita.
There's no doubt in my mind, that phones (and tablets) can be made more secure, but multi-step security protocols every time you pick up your device is not what anybody wants to deal with; just look at the stats of pre-5S iPhones and how few people actually are using passcode.
Perhaps several years down the line, iris scans might become more commonplace; one would think those would be harder to procure by would-be thieves. Of course by then we have to worry about savvy pickpockets stealing our 'iWatches'.
