If you lose your iPhone or it's stolen, anyone will be able to unlock it, given all the fingerprints all over it (unless you're not using your index for unlocking).
Bye bye passwords and beware payments etc with your private data.

Fingerprint sensor is just a bigger fail than Maps!

Gee, have you checked your own phone for a perfect complete print? Here is none, end of story.
 
Exactly. All he showed was proof-of-principle using an ideal sample. The real-world security feature (access to the phone being denied to an unauthorized user) has yet to be defeated. And even if it eventually does get defeated, such a defeat will still require a highly improbable specific set of circumstances (i.e. finding a perfect print on the phone, reproducing the print, perfectly, the first time).

I feel perfectly safe using my fingerprint. I'm more fearful of someone finding out my password and using it to break into my phone versus my fingerprint.

I highly recommend, at this stage with Touch ID as your primary login, changing your password to a longer digit number. If you use the "complex" passcode and change it to ONLY numbers, it will still just show you the number pad to unlock. I changed mine to be more than 4 digits this way.
 
This is why people should be worried

A guy who did tons of research and developed the method to crack the fingerprint needs 1.5 HOURS to do so using an IDEAL print purposely placed on a glass. Good luck trying to find a usable print on my phone. Plus in that 1.5 hours I'll have the device wiped.

Why should I be worried again?

----------

I highly recommend, at this stage with Touch ID as your primary login, changing your password to a longer digit number. If you use the "complex" passcode and change it to ONLY numbers, it will still just show you the number pad to unlock. I changed mine to be more than 4 digits this way.

Way ahead of you.
 
Actually, the "hash" is another made-up "fact" from the internet echo chamber. Even I once said it a while back. But Apple never said it.

After researching fingerprint recognition algorithms, I now think that each feature's information (type, location, direction) needs to be stored separately. No hash.

Each parameter could be hashed separately, no? But regardless, the data itself cannot be used to recreate a fingerprint.
 
I think the tin foil hat wearers are gonna have a field day with this one. I'll make sure I avoid my friends with pcb etching kits from now on :/
 
use your nipples instead.

Maybe not your nipples (you SICKO! :) ), but I was thinking that you could use other body surfaces that only you would know (unless someone saw you unlocking your phone and then could get prints of that body part somehow).

Maybe holding two particular fingers together to unlock or the heel of your hand or a knuckle.


Or your penis... (okay, now I'm the sick one) very few law agencies have prints of people's penises. (the NSA, maybe :) )
 
Not really. That's still a significant amount of time. Plus if someone has Find My iPhone engaged the phone will be completely locked down and unusable anyways...

The only problem would be if one didn't know their iPhone was missing for a couple of hours. I know a lot of people that are not attached to their iPhones like a lot of us on this forum are ;)
 
My prediction

I think the iPhone 5s will significantly reduce the world crimes.

Why? It takes 30 hours to break into your own phone if you know what you are doing and have the cash to invest in the necessary equipment.

Breaking into someone else's phone will take a bit longer, say a week.

That is a week spent on breaking into a phone with the possibility of no significant financial gain, whereas the same time could be spent committing multiple easier crimes, like throwing a rock through someone's window and burglarizing the house.
 
I think more important than this being 'hacked' was the ability to use a scan of a fingerprint - which means that the 'sub-reading' of skin that was reported as required, was false.

Which was the point I was making when it was first reported, and I kept getting crap for it. It's that there was blatant misinformation as to how it worked and its reliability. The scanner should not have been marketed as anything other than a technology of increased convenience and the sub dermal scanning invalidating dead tissue or false impressions is a blatant falsehood.

Consequently, I put my money where my mouth is and cancelled my order. More than that, I'd planned on snagging the new iPad mini and maybe a Haswell rMBP; neither of those purchases are going to happen presently. I won't buy another Apple product until there's a public apology admitting that they either overstated the security benefit or were grossly ignorant of the possibility. It's time companies learn that they can't lie to us with impunity.
 
I won't buy another Apple product until there's a public apology admitting that they either overstated the security benefit or were grossly ignorant of the possibility.

With that standard in mind, is there any product that you can buy?
 
Which was the point I was making when it was first reported, and I kept getting crap for it. It's that there was blatant misinformation as to how it worked and its reliability. The scanner should not have been marketed as anything other than a technology of increased convenience and the sub dermal scanning invalidating dead tissue or false impressions is a blatant falsehood.

Consequently, I put my money where my mouth is and cancelled my order. More than that, I'd planned on snagging the new iPad mini and maybe a Haswell rMBP; neither of those purchases are going to happen presently. I won't buy another Apple product until there's a public apology admitting that they either overstated the security benefit or were grossly ignorant of the possibility. It's time companies learn that they can't lie to us with impunity.

Was the misinformation from Apple or other sources on the internet speculating how it works?

The one thing I'm wondering if you must have still is a live finger (and the sub dermal is used to detect a pulse or "live tissue")?
 
In 30 hours? By that time, I would have found my phone, and kicked their a88 in the process.
 
Put a plastic/leather case for the back.
Don't leave a good print on the screen and only use one finger for Touch ID.
If you do that, you'll have nothing to worry about.
 
Not really hacking!

To me it's not really hacking the system with the same fingerprint. And as another person said, that seems like a lot of work for an iPhone.
 
???

How the heck would anyone be worried??? No average thief is going to have this equipment or know how to do it. Unless you're a target by the government, you will be fine. Plus Touch ID is just another safety precaution. It's like saying Android's Facial recognition is perfect. LOL jokes.
 
The only problem would be if one didn't know their iPhone was missing for a couple of hours. I know a lot of people that are not attached to their iPhones like a lot of us on this forum are ;)

Sure but if you have sensitive data on it you probably will always know where your phone is. If the data isn't sensitive the remote wipe doesn't really have a strong purpose...
 
If we could just add a short password and use TouchID then I think everything would be more secure.

You have to enter a passcode to use the TouchID. And if you power it up, you must sign in with the passcode first. Yes, that makes you vulnerable to an attack. But you get five guesses and it shuts off and needs the thumb again.
Plus, to use this to get into your phone, they need the phone and some fancy gear and expertise. And they're racing until you go to "Find my iPhone" and wipe it out. Then they can't even authenticate it again until they know your Apple ID. It's not impossible to hack, but with the passcode and encryption and the special chip the encrypted ID is stored in, you've got security until James Bond or Yuri from the FSB or Clive from MI5 puts you in its sights. In other words, it's pretty good privacy very easily.
 
Each parameter could be hashed separately, no? But regardless, the data itself cannot be used to recreate a fingerprint.

Actually, Apple only said that the original image was not stored or reproducible.

If, as usual, the data is a list of the features needed for a match, then that's all you need to create a fingerprint with matchable features. Most of it might not even have to look the same.

Well, Apple does say this: "Fingerprint data is encrypted and protected with a key available only to the Secure Enclave." It doesn't say hash directly but it does sound like it's something very similar to that to me. Now, if somebody manages to actually hack THAT then I would be really impressed.

True! Although I did run across one example of a secure enclave that was hacked because the key used to encrypt it was left in RAM and was found.

A guy who did tons of research and developed the method to crack the fingerprint needs 1.5 HOURS to do so using an IDEAL print purposely placed on a glass. Good luck trying to find a usable print on my phone. Plus in that 1.5 hours I'll have the device wiped.

Why should I be worried again?

Most of us have no reason to worry.

However, if someone wanted to target a specific person, there are plenty of ways to get a good print BEFORE stealing the device. E.g. if you wanted to see someone's emails and photos in order to blackmail them, you could pay a waiter to get clean prints from a glass, and get others to watch which finger he uses to unlock his phone. Then prepare a fake finger ahead of time.

Sorry. Habit. One of my jobs used to be figuring out possible ways around security features, to exploit enemy devices.
 
Which was the point I was making when it was first reported, and I kept getting crap for it. It's that there was blatant misinformation as to how it worked and its reliability. The scanner should not have been marketed as anything other than a technology of increased convenience and the sub dermal scanning invalidating dead tissue or false impressions is a blatant falsehood.

Consequently, I put my money where my mouth is and cancelled my order. More than that, I'd planned on snagging the new iPad mini and maybe a Haswell rMBP; neither of those purchases are going to happen presently. I won't buy another Apple product until there's a public apology admitting that they either overstated the security benefit or were grossly ignorant of the possibility. It's time companies learn that they can't lie to us with impunity.

The dead tissue thing was never stated by Apple. It was perpetuated by internet technology sites. Plus if you look at how they're defeating the sensor, they're covering their live tissue with essentially a false surface. So even if Apple made that claim it would still be a valid one. Basically no one can sever your finger and then immediately use it to gain access to your phone.

Also how did Apple overstate the security benefit of the sensor? I can find nothing from Apple that says the fingerprint sensor "will never be able to be defeated." It's a security feature not an absolute barrier.

Your anger is very unfounded.
 
Why not give the option?
1. Passcode only
2. TouchID only
3. Passcode and TouchID

Everyone has different needs, and the three options above should satisfy more people than the two options available now.

I agree, there should be an option, but never should it be required to use both.

TouchID still has some "figuring out" to do, but naturally it's a young feature and will grow with time.
 
Most of us have no reason to worry.

However, if someone wanted to target a specific person, there are plenty of ways to get a good print BEFORE stealing the device. E.g. if you wanted to see someone's emails and photos in order to blackmail them, you could pay a waiter to get clean prints from a glass, and get others to watch which finger he uses to unlock his phone. Then prepare a fake finger ahead of time.

Sorry. Habit. One of my jobs used to be figuring out possible ways around security features to exploit enemy devices.

Sure but an enterprising thief could also pay a custodian to install a small camera near your office desk and get your alpha-numeric password to your computer/phone/etc.

Are any of these situations likely? No. Are they possible? Yes. If you have sensitive data that you know people may actively try to steal you will need more than simple passwords and fingerprints...
 
Actually, Apple only said that the original image was not stored or reproducible.

I know, I only went on with what you started regarding the feasibility of using hashes.

If, as usual, the data is a list of the features needed for a match, then that's all you need to create a fingerprint with matchable features. Most of it might not even have to look the same.

Right, but that is not the same as recreating the image and it adds lots of assumptions that are completely opposite of what Apple has said. For example, the data is not stored in a secure part of the SoC, it's shared, even the algorithm used is shared. The only one that could use it and have such databases afaik is law enforcement, they would need to adapt their systems to work with Apple's implementation. Then you have to ask yourself of what use it would be, they could only see if you are in their database of fingerprints, assuming you are part of an investigation. If that's the case then they have your phone number and identity (how else could Apple share the info), if they have your phone number and identity they can do a search in their database without fingerprints.
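An added illustration of the hash question argued in this thread (whole-template hash, per-parameter hash, or features stored separately); it is not from any poster and does not describe Apple's implementation. The feature tuples (type, x, y, angle), the sample captures and the tolerances are constructed assumptions.

```python
import hashlib
import math

# Constructed minutiae: (type, x, y, angle in degrees). Not real biometric data.
ENROLLED = [("ending", 10, 12, 30), ("bifurcation", 40, 44, 120),
            ("ending", 70, 20, 200), ("bifurcation", 25, 80, 310)]
# Same finger captured again, with small position and angle jitter.
SAME_FINGER = [("ending", 11, 12, 32), ("bifurcation", 39, 45, 118),
               ("ending", 70, 21, 203), ("bifurcation", 26, 79, 308)]
# A different finger.
OTHER_FINGER = [("ending", 15, 60, 90), ("bifurcation", 55, 10, 10),
                ("ending", 80, 75, 250), ("bifurcation", 5, 30, 170)]

def template_hash(minutiae):
    """Hash the whole template the way a password would be hashed."""
    return hashlib.sha256(repr(sorted(minutiae)).encode()).hexdigest()

def per_feature_hashes(minutiae):
    """Hash each minutia on its own."""
    return {hashlib.sha256(repr(m).encode()).hexdigest() for m in minutiae}

def angle_diff(a, b):
    """Smallest difference between two angles, in degrees."""
    d = abs(a - b) % 360
    return min(d, 360 - d)

def fuzzy_hits(enrolled, probe, dist_tol=3.0, angle_tol=10):
    """Count enrolled minutiae with an unused same-type probe minutia in tolerance."""
    used, hits = set(), 0
    for t, x, y, a in enrolled:
        for i, (pt, px, py, pa) in enumerate(probe):
            if i in used or pt != t:
                continue
            if math.hypot(x - px, y - py) <= dist_tol and angle_diff(a, pa) <= angle_tol:
                used.add(i)
                hits += 1
                break
    return hits

def compare(enrolled, probe):
    """Run all three comparison strategies on one enrolled/probe pair."""
    shared = per_feature_hashes(enrolled) & per_feature_hashes(probe)
    return {"whole_hash_equal": template_hash(enrolled) == template_hash(probe),
            "per_feature_hash_hits": len(shared),
            "fuzzy_hits": fuzzy_hits(enrolled, probe)}

if __name__ == "__main__":
    print("same finger :", compare(ENROLLED, SAME_FINGER))
    print("other finger:", compare(ENROLLED, OTHER_FINGER))
```

With this constructed data, both hash strategies reject the second capture of the same finger because no value repeats exactly, while the tolerance-based matcher accepts it and still rejects the other finger. A matcher of this kind needs the feature values themselves, which is why how the stored template is protected matters.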
 