Solution for the German hack of touch id

Discussion in 'iPhone' started by cameronjpu, Sep 26, 2013.

  1. cameronjpu macrumors 65816

    Joined:
    Aug 24, 2007
    #1
    Simple - have an optional security level where not one but two+ fingerprints are required, and to make it cia level secure, all it to be a pattern. Ie left index then any other finger then right middle. That way you can prevent someone from watching you do the touch from knowing what's wrong or right. Kinda like what baseball catchers do when a runner is on second. The first sign tells the pitcher what later sign actually matters. Easy fix?
     
  2. bigjim83 macrumors 6502

    Joined:
    Dec 14, 2011
    #2
    Pretty much but who is really worried about this? I mean the German hackers who did this are some pretty serious folks. The regular dirt bag that steals your phone just to resell it won't have these capabilities. Even if they did you could just jump on find my iphone and wipe.
     
  3. deeddawg macrumors 603

    Joined:
    Jun 14, 2010
    Location:
    US
    #3
    Relax. Nobody's *that* interested in your pr0n history...
     
  4. rackham12 macrumors newbie

    Joined:
    Sep 25, 2013
    #4
    This
     
  5. cameronjpu thread starter macrumors 65816

    Joined:
    Aug 24, 2007
    #5
    I couldn't care less about my own phone. Have never even had a pass code on it. But this hack has made headlines, stupid and impractical as it is, for the last week. It would be simple for apple to add a layer of 'what you know' security to the existing 'something you have' fingerprint.
     
  6. Lucille Carter macrumors 65816

    Joined:
    Jul 3, 2013
    #6
    Something like this can only be blown up in the iPhone forum.
     
  7. BHP41 macrumors 6502a

    BHP41

    Joined:
    Jul 21, 2010
    Location:
    United States of America
    #7
    Why in the **** would I want this. It took 30 hrs to "hack" into it. By that time, I've already located and contacted the police or locked it with aw passcode in lost mode displaying a message. Or wiped the device, display a permanent message on the screen and moved on to another iPhone. The thieves can do nothing, yep NOTHING with MY iPhone. It's useless to them. So after all that hard work and expensive equiptment. They'll turn it on(if it already isn't) to find that not only do they need my Apple ID. They need my 20 character password also.

    So, if you want a secure iPhone. Use TouchID for ease of use everyday and a 20 character password for your AppleID. And guess what, all this is available to you NOW.
     
  8. Fission macrumors regular

    Joined:
    Sep 26, 2013
    #8
    What about the CIA? How do they keep secure?
     
  9. ssls6 macrumors 6502a

    ssls6

    Joined:
    Feb 7, 2013
    #9
    If someone steals your phone and then calls you to come down for a 2400dpi scan of your thumb….don't go.
     
  10. MonkeySee.... macrumors 68040

    MonkeySee....

    Joined:
    Sep 24, 2010
    Location:
    UK
  11. sviato macrumors 68020

    sviato

    Joined:
    Oct 27, 2010
    Location:
    HR 9038 A
    #11
    It wasn't a software hack and the way they did it would likely be too complex for the average thief
     
  12. BHP41 macrumors 6502a

    BHP41

    Joined:
    Jul 21, 2010
    Location:
    United States of America
    #12
    Keep what secure???
     
  13. brand macrumors 601

    brand

    Joined:
    Oct 3, 2006
    Location:
    127.0.0.1
  14. cameronjpu thread starter macrumors 65816

    Joined:
    Aug 24, 2007
    #14
    Sheesh I didn't expect all the hate. I'm just saying apple could quickly and easily give those who want it an extra security level to make even the (as I mentioned by the way) totally impractical method used by the German group infeasible. Stop looking at my post as 'apple is doing something wrong' to here's a simple fix for an otherwise tricky problem.
     
  15. BHP41 macrumors 6502a

    BHP41

    Joined:
    Jul 21, 2010
    Location:
    United States of America
    #15
    Did you not read my post???? Turn off simple passcode.
     
  16. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #16
    Congratulations, you've just made it complicated enough that most people won't bother using it.


    A much more pragmatic approach is to not worry about the "hack."

    A detailed write-up of the exploit from one of the hackers pretty much explains that you need about $1,000 worth of equipment, a VERY good unsmudged fingerprint sample, about 10 hours of time to devote to making the latex replica, very high skill level with high res cameras and photo editing software, and a lot of luck and patience OR an incredibly stupid/incredibly willing iPhone 5S owner who has no problem giving you more fingerprints if you mess up.

    The same person who has the resources to lift and replicate your fingerprint will probably find it easier to let the TouchID scans fail after 5 attempts, so they can plug in a cellebrite and try to hack at your PIN, or hack at your iCloud password, and steal the data/device that way.

    Bottom line: TouchID isn't perfect, but it's secure enough that there are only two reasons someone would hack away at your TouchID:

    1. Because they're 1337 hax0rs who want the notoriety of saying they hacked TouchID so they can spread some FUD about the tech, or
    2. They're really dumb, have a lot of time and money to burn, and are gluttons for punishment.


    Someone has to be REALLY, REALLY motivated to get into your iPhone to do this, and have the time, money, opportunity and resources to do it correctly... PLUS the stupidity to not realize that there might be easier ways to get what they want.

    The average apple-picking thief on the street isn't gonna have the time or skills to pull this off. Nor is the average snooping co-worker, acquaintance, frenemy or significant other. In fact, if someone actually DOES try to do this to your iPhone, then you're probably got the attention of some really tenacious people, and the safety of your iPhone is likely the least of your worries at that point.
     
  17. cameronjpu thread starter macrumors 65816

    Joined:
    Aug 24, 2007
    #17
    You missed the point. My suggestion is to make the higher security level optional. As I clearly stated and you took pains to repeat over 1000 words, the average person doesn't need this but wouldn't it be nice if there was an option buried deep in security settings. Apparently not lol.
     
  18. BHP41 macrumors 6502a

    BHP41

    Joined:
    Jul 21, 2010
    Location:
    United States of America
    #18
    It's not a big concern. What Apple should Sonia change the default pin setting to a regular password. You should have to enable the simple passcode option.

    That way, you have a strong 20 random character password set and use TouchID. By the time they got through TouchID. They'd need to be very very good and have more than a $1000 dollars worth of equiptment to hack your password.

    Having TouchID and using it properly allows you to have a very secure iPhone.
     
  19. BeeGood macrumors 65816

    BeeGood

    Joined:
    Sep 15, 2013
    Location:
    Lot 23E. Somewhere in Georgia.
    #19
    I hear what you're saying, but by doing this, Apple would be sort of validating this as a vulnerability when in reality it really isn't.
     
  20. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #20
    So to put what you just said in fewer words: you want to complicate the process, then make it "optional" because really, hardly anyone needs to use it, nor would they want to?
     

Share This Page