Simple - have an optional security level where not one but two+ fingerprints are required, and to make it cia level secure, all it to be a pattern. Ie left index then any other finger then right middle. That way you can prevent someone from watching you do the touch from knowing what's wrong or right. Kinda like what baseball catchers do when a runner is on second. The first sign tells the pitcher what later sign actually matters. Easy fix?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Solution for the German hack of touch id
- Thread starter cameronjpu
- Start date
- Sort by reaction score
Pretty much but who is really worried about this? I mean the German hackers who did this are some pretty serious folks. The regular dirt bag that steals your phone just to resell it won't have these capabilities. Even if they did you could just jump on find my iphone and wipe.
I couldn't care less about my own phone. Have never even had a pass code on it. But this hack has made headlines, stupid and impractical as it is, for the last week. It would be simple for apple to add a layer of 'what you know' security to the existing 'something you have' fingerprint.
Why in the **** would I want this. It took 30 hrs to "hack" into it. By that time, I've already located and contacted the police or locked it with aw passcode in lost mode displaying a message. Or wiped the device, display a permanent message on the screen and moved on to another iPhone. The thieves can do nothing, yep NOTHING with MY iPhone. It's useless to them. So after all that hard work and expensive equiptment. They'll turn it on(if it already isn't) to find that not only do they need my Apple ID. They need my 20 character password also.
So, if you want a secure iPhone. Use TouchID for ease of use everyday and a 20 character password for your AppleID. And guess what, all this is available to you NOW.
So, if you want a secure iPhone. Use TouchID for ease of use everyday and a 20 character password for your AppleID. And guess what, all this is available to you NOW.
Sheesh I didn't expect all the hate. I'm just saying apple could quickly and easily give those who want it an extra security level to make even the (as I mentioned by the way) totally impractical method used by the German group infeasible. Stop looking at my post as 'apple is doing something wrong' to here's a simple fix for an otherwise tricky problem.
Congratulations, you've just made it complicated enough that most people won't bother using it.
A much more pragmatic approach is to not worry about the "hack."
A detailed write-up of the exploit from one of the hackers pretty much explains that you need about $1,000 worth of equipment, a VERY good unsmudged fingerprint sample, about 10 hours of time to devote to making the latex replica, very high skill level with high res cameras and photo editing software, and a lot of luck and patience OR an incredibly stupid/incredibly willing iPhone 5S owner who has no problem giving you more fingerprints if you mess up.
The same person who has the resources to lift and replicate your fingerprint will probably find it easier to let the TouchID scans fail after 5 attempts, so they can plug in a cellebrite and try to hack at your PIN, or hack at your iCloud password, and steal the data/device that way.
Bottom line: TouchID isn't perfect, but it's secure enough that there are only two reasons someone would hack away at your TouchID:
1. Because they're 1337 hax0rs who want the notoriety of saying they hacked TouchID so they can spread some FUD about the tech, or
2. They're really dumb, have a lot of time and money to burn, and are gluttons for punishment.
Someone has to be REALLY, REALLY motivated to get into your iPhone to do this, and have the time, money, opportunity and resources to do it correctly... PLUS the stupidity to not realize that there might be easier ways to get what they want.
The average apple-picking thief on the street isn't gonna have the time or skills to pull this off. Nor is the average snooping co-worker, acquaintance, frenemy or significant other. In fact, if someone actually DOES try to do this to your iPhone, then you're probably got the attention of some really tenacious people, and the safety of your iPhone is likely the least of your worries at that point.
You missed the point. My suggestion is to make the higher security level optional. As I clearly stated and you took pains to repeat over 1000 words, the average person doesn't need this but wouldn't it be nice if there was an option buried deep in security settings. Apparently not lol.
It's not a big concern. What Apple should Sonia change the default pin setting to a regular password. You should have to enable the simple passcode option.
That way, you have a strong 20 random character password set and use TouchID. By the time they got through TouchID. They'd need to be very very good and have more than a $1000 dollars worth of equiptment to hack your password.
Having TouchID and using it properly allows you to have a very secure iPhone.
That way, you have a strong 20 random character password set and use TouchID. By the time they got through TouchID. They'd need to be very very good and have more than a $1000 dollars worth of equiptment to hack your password.
Having TouchID and using it properly allows you to have a very secure iPhone.
I hear what you're saying, but by doing this, Apple would be sort of validating this as a vulnerability when in reality it really isn't.
So to put what you just said in fewer words: you want to complicate the process, then make it "optional" because really, hardly anyone needs to use it, nor would they want to?