Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Touch ID Bypass Detailed, 'Average Consumer' Shouldn't Worry
- Thread starter MacRumors
- Start date
- Sort by reaction score
Maybe not but I am making that face
It took him 30 hours from getting the phone to doing it. He says 30 mins if better prepared ... How much better prepared can you be... He has the knowledge beforehand, the intent, the equipment, a perfect fingerpint oh and yes the finger that gave it. You cant get more prepared than testing it on yourself.... And no refinement will get this from 30 hours to 30 mins.
But say it can be done in 30 mins ...
There are 2 issues:
1) a clear and transferable print is required to do this. Now between constant use of sceen, buttons and movement while in a pocket, there is very little chance of a perfect print. Especially a perfect intact one of the specific finger.
He knew which finger was used and created a perfect print to copy. Not realistic of real world activity.
2) unlike you perhaps but myself and most I think would notice within 30 mins if we no longer had our phones due to the sheer anount they are used.
As for getting to a device to access, block and wipe the phone. I would take any steps needed. Friend, family, work, school, local buisness, person living down the street. I would say its sn emergency and really need access to the internet.
----------
I used to use a longer one but soon realised That it was just too slow. I needed access to my phone quickly not in 10 secs.
Exactly what I was thinking about. According to Apple: "The sensor uses advanced capacitive touch to take a high-resolution image from small sections of your fingerprint from the subepidermal layers of your skin.". Subepidermal means the layer below the outer layer of the skin. This seems to be a marketing lie/gimmick, as a rubber representation (or wood glue in this case) of a fingerprint seems to work just fine, and that representation is of the epidermis.
in all reality, there's probably truth in that statement though i guess i can see how it would/could be misinterpreted
it means that while the phone is creating/memorizing your fingerprint id, it's scanning beyond simple pressure of your ridges (as in, that's probably what they experimented with first in order to electronically store your print but couldn't get it detailed/3D enough or reliable enough so they had to try other means to get a deeper read)
what it doesn't say is that it uses sub-epidermal layers as a means of identification -or- it doesn't scan inside your body (and definitely not your blood as 'subepidermal' might make some people correlate with)to see if you are you.. it's only used to 'take a hi-res image' but there's no mention of it subsequently using sub-epidermal scans during the unlocking of the phone phase..
of course, this is all open to other interpretations and feel free to tear that # apart if you wish or see a flaw in my logic..
add-- even if it does use sub-epidermal scanning during the ID phase, it's still not saying anything different than shining a flashlight through your hand.. and yes, that same type of scanning/reading would happen with latex or glue etc.. maybe someone should try to duplicate the hack except use a completely opaque material for the fake print.** (which would make a sub epidermal scan impossible (unless using smthng like ultrasound or MRI tech etc.. but I assume the scan is more standard light/laser based?))
..I guess my point is this.. the sub-epidermal scan thing is (probably) way more to do with reliability/repeatabilty ("oh! hey! it works every time!") as opposed to anything to do with stronger security.. if they simply relied on pressure of ridges, I assume it would be a lot more finicky and definitely not "it just works"
**add2-- you could probably experiment with the sub-epidermal thing a lot more easily than needing to go through the entire outlined hack process.. just push your finger into some wax to make a mold then fill it with something (glue etc..) seems like most people should be able to do this very easily (i don't have a 5s so i can't try it).. if you can get a working print that way, then try filling the mold with a material that light can't go through (no ideas off the top of my head other than ,say, tar but i wouldn't recommend touching your phone with it).. if a transparent material works and an opaque one doesn't then i think that would somewhat outline what sub-epidermal scanning is doing..
Last edited:
I'm so sick of these fingerprint "hacks" yes if someone gets your fingerprints they can unlock your phone this video proves it isn't an easy thing to do. This is like when google announced the facial recognition with ics there was a "hack " out every other day stating oh look if someone gets a picture of you they can unlock your phone no s@$& . There's good enough hackers that can bypass passwords and pins get over it.
Lol exactly I wonder how many peoples faces were cut off to unlock an ics phone.
I hadn't seen the hack video nor read how it's done. And I haven't used nor seen how the Touch ID activation works. So my post was based on the assumption that the post I commented included factual information. If you know better, good for you, but it doesn't mean you need act like a dick.
What Apple spin are you talking about? This post is about how the person that found a way to fool Touch ID with a copy of a fingerprint doesn't think it's a big deal for most people.
It's not based on pressure, but you're on the right track as to why they go sub-epidermal. It's about clarity.
Not light based either.
AuthenTec is usually radio based. The steel ring sends an AM signal through your finger, to the grid array of ~50 micron square antennas below the Home button.
This is to get a better and more repeatable image of the ridges (which begin in the subdermal region) even if the surface is messed up.
Yep, although it's also so that a simple 2D image won't work.
You actually bring up a good point. There are three types of prints. The type most people are talking about here, which is prints from surface oils. There's also prints from other materials (e.g. a bloody finger). And the third are impression prints, where your finger presses into something and leaves a mold, which is perfect for something like this.
Last edited:
Just a compliment to their public response (not specific to this article) made when the "reveal" first hit the mainstream press. Apple offered a brief, yet very effective comment. I should have captured the link it was very well done.
For some reason it brought to mind the way AUDI bungled their damage control efforts regarding the "unattended acceleration" situation that came up many years ago. It they had been as skilled as Apple, they'd never have experienced the huge drop in sales.
When these high profile situations arise, exacerbated and blown up to unreal proportions by the mainstream press, good damage control skills are priceless.
The Average Consumer Doesn't Care That Touch ID Was 'Hacked'
Here's why in this post... Why Consumers Didn't Care About Apple's Touch ID Getting Hacked
Here's why in this post... Why Consumers Didn't Care About Apple's Touch ID Getting Hacked
OK, thank you. Anyhow, it seems that Apple is not only using the residual print that is left on the glass, but is also using "capacitive" touch, sensing the electrical impulses in one's finger when placed on the sensor. So it may be that this hack does not work as indicated in the video.