Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Touch ID Bypass Detailed, 'Average Consumer' Shouldn't Worry
- Thread starter MacRumors
- Start date
- Sort by reaction score
1) Your fingerprint is never stored on the iPhone 5S. A data hash is generated from your fingerprint.
2) You leave your fingerprints everywhere. Is it easier to lift a fingerprint from something you touch or access the secure enclave on the A7 chip and reverse engineer the encrypted data hash generated from a device specific key?
c'mon...
One can lift your fingerprint from the smudge on the screen, if they wanted to, which is way easier than hacking a "fingerprint code" hidden in a chip.
One can lift your fingerprint from the smudge on the screen, if they wanted to, which is way easier than hacking a "fingerprint code" hidden in a chip.
I think it's easier to put your finger 5 times to trigger the password login, and then try to guess the password...
Thank you. I couldn't believe what people were saying about the cat paw print, etc., and now this.
The "hack" is that a fingerprint itself, with a lot of money, time, and expertise, can be duplicated. NOT that the Touch ID system can be configured with a fingerprint, then bypassed with another, or digitally tricked into permitting entry.
If you used your cat's paw to setup Touch ID, you didn't hack your phone - you just better darn well be sure that you have your cat with you whenever you want to use your phone. Until you use your own fingerprint to set it up again.
Anything that takes 30 hours and lots of equipment that most people won't have access to is not "easy".
Just making the assumption that the fingerprint you capture is the same one used to unlock the phone is suspect. The whole process, in fact, is suspect.
What they really should be testing is to get someone's iPhone 5s, trying to find and duplicate any fingerprint pulled from the phone and then seeing if they can get past the fingerprint security.
Just making the assumption that the fingerprint you capture is the same one used to unlock the phone is suspect. The whole process, in fact, is suspect.
What they really should be testing is to get someone's iPhone 5s, trying to find and duplicate any fingerprint pulled from the phone and then seeing if they can get past the fingerprint security.
It would be nice to have the option for those who are crazy about security, but for the most part that defeats the purpose of touch ID - to be a more convenient way to unlock your phone than a pin code.
And either way if this was a thief who wanted information on your phone it would be wiped by the time he completes the process. Otherwise the only real way someone breaks this is by having your fingerprint already and completing this process some other time.
But then they still need unattended access to your device.
I don't see the point of option 3. That's like having a simple passcode and strong passcode.
This article is just hogwash... this isnt a way to BYPASS touchid... you are actually using a fingerprint to get in. Albeit a copy of a real print, it is a print nonetheless... so it is doing what it should. That would be like saying "passcodes have been bypassed" and then you come to find out the user gave his passcode to the guy who bypassed it The title of both articles should be "TouchID works with lifted finger prints".
The title of both articles should be "TouchID works with lifted finger prints".Why stop there?
4. TouchID, passcode, and retinal scan using FaceTime Camera
5. TouchID, passcode, retinal scan, and DNA sample (using accessory that collects blood or saliva and then matches it with DNA data stored in an encrypted database).
6. The phone can never be unlocked; if the screen ever turns off or if it leaves the owners hand it bricks itself, overwrites all data with a 35 pass Gutmann method, catches fire, reducing the iPhone to nothing but dust - at which point the iPhone molecules each travel through different wormholes into alternate universes.
It does provide strong security. It would take a knowledgeable person 30 hours and about $1000 worth of equipment just to MAYBE get access to your stupid texts and photos. You'd have to have some VERY interesting stuff on your phone to be worth that amount of time and expertise. If your information is that juicy, then you probably already know better than to use only simple convenient security measures like Touch ID (or a merely 4-digit PIN for that matter).
So what did we learn, give anyone enough time and know how and they can break the security.. hmm I think that goes for just about all levels of security, certainly the passcode lock as well. Personally I feel just as safe with a passcode lock as I would a finger print, both are hack-able, so always keep your data safe behind another layer of security. Nothing new here, move along.
This article is just hogwash... this isnt a way to BYPASS touchid... you are actually using a fingerprint to get in. Albeit a copy of a real print, it is a print nonetheless... so it is doing what it should. That would be like saying "passcodes have been bypassed" and then you come to find out the user gave his passcode to the guy who bypassed it
LOL, yeah. "I totally hacked into his phone cuz I knew his passcode."
OK so who do we believe? The guy that did it with inexpensive office equipment in less than 30hrs or the guy that uses thousands of dollars worth of stuff and deems the process anything but trivial?
Well you can change it depending on how many appendages you have left. Would look silly in public trying to unlock your iphone with your toe.
At this time last week, fingerprint technology was not even an option with today's popular smartphones. At least 50% of iPhone users weren't even using any passcode at all to protect their device. Android phones don't have any fingerprint technology.
And now people are all worried that the iPhone 5S has weak security because someone created a hi-res copy of a fingerprint???
TouchID is a huge leap forward. Obviously it is not impossible to hack. Nothing is impossible to hack. If major sites like Twitter and Google can be hacked, do you really think your $199 phone is immune?
Common sense goes a long way. Keep track of your phone in public and don't leave it sitting out on tables at restaurants or coffee shops like most people do. That alone will drastically reduce the odds of someone swiping it.
But just in case someone does swipe it, use TouchID and set-up Find My iPhone. The average rookie thief is not going to be able to get in, and by the time they've tried, you'll be able to lock the phone and track it via Find My iPhone.
The tips above are enough to protect the majority of iPhone users. Unless you're a government employee or part of some secret society, nobody is going to care enough about your phone and your collection of Instagram selfies to create a complex copy of your fingerprint to break into it.
And now people are all worried that the iPhone 5S has weak security because someone created a hi-res copy of a fingerprint???
TouchID is a huge leap forward. Obviously it is not impossible to hack. Nothing is impossible to hack. If major sites like Twitter and Google can be hacked, do you really think your $199 phone is immune?
Common sense goes a long way. Keep track of your phone in public and don't leave it sitting out on tables at restaurants or coffee shops like most people do. That alone will drastically reduce the odds of someone swiping it.
But just in case someone does swipe it, use TouchID and set-up Find My iPhone. The average rookie thief is not going to be able to get in, and by the time they've tried, you'll be able to lock the phone and track it via Find My iPhone.
The tips above are enough to protect the majority of iPhone users. Unless you're a government employee or part of some secret society, nobody is going to care enough about your phone and your collection of Instagram selfies to create a complex copy of your fingerprint to break into it.
Surely this is not the first time a fingerprint system has been "hacked" is it? I'm almost certain that it's because Apple being under the microscope as they always are is why they'd go through so much trouble to "hack" TouchID. And they did it by replicating a fingerprint. How's that not like taking a photograph of a key and machining a duplicate? Or taking an imprint of a key and doing the same thing. IE - they needed a somewhat physical way of duplicating the fingerprint in order to physically use it on the TouchID sensor.
I don't see anywhere in Apple's documentation that TouchID can tell the difference between a real fingerprint and a simulated one. They've only stated that the actual fingerprint data stored within the phone is inaccessible. Now, if someone were to be able to extrapolate the fingerprint from what's stored inside the phone....then I'd be worried.
I don't see anywhere in Apple's documentation that TouchID can tell the difference between a real fingerprint and a simulated one. They've only stated that the actual fingerprint data stored within the phone is inaccessible. Now, if someone were to be able to extrapolate the fingerprint from what's stored inside the phone....then I'd be worried.
