iPhone 5s fingerprint scanner Touch ID 'hacked'

Inevitable really, it's fairly old technology. Apple should do the right thing and tout it as a convenience rather than a high security feature. You could see this coming a mile off even before it was released.
 
First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

Sounds a bit more complicated than simply lifting prints off a glass etc.
 
It hasn't been 'hacked', not in my eyes (if what Somnambulist posted is true - can't find those details online)... In this instance, before I read the article, I assumed they had reverse engineered the fingerprint from the encrypted file on the phone... This is a complete 'non story'...

As pointed out by Somnambulist if someone is going to go to that length to open your phone then they could easily watch over your shoulder to get a 4 digit pass code... OR if they want to get round it quicker... hold you at knife point.

News companies just want this type of headline to scaremonger.
 
Considering it's aimed at people who weren't using a pin at all it's infinitely more secure - certainly more secure than copying the pattern off the screen or using a photo to bypass the lock as on other devices.

It still doesn't override activation lock so pointless from a theft perspective and if someone really wants your data then they could just as easily look over your shoulder to get your pin.

This is just going to be this year's iPhone launch link bait...

Having used Touch ID for a few days it has to be said that it is probably the best hardware addition from the last few years for any phone - unlocking my Nexus with a pattern seems so clunky now.
 
But if what Somnambulist posted is correct then it pees all over their "We're scanning sub dermal layers so it's more secure" line.
 
Be careful before brushing this off as a non-story. You're investing your biometric information into a system that was defeated in a couple of days. It's highly likely that this authentication method is going to gain traction, so whether it's Apple, Microsoft, Samsung, etc. it's definitely in the public interest to batter the implementations and see how they fail.
 
We are not brushing this off but that amount of work and compliance that is required from the fingerprint "holder" makes this a very unlikely hack. This technology has been around for years in much larger stand alone devices and they always have the same flaws.

The fingerprint is always backed up by a pin code as well so if someone sees you entering that they will have access anyway. That would be a hell of a lot easier than the fingerprint spoofing. Again, it's probably less work and easier to get someone's Apple ID password from them than a good enough fingerprint.

You would kind of hope that anyone with serious enough information might just lock the phone down via Find My iPhone if someone steals their phone and their fingerprint.
 
I wouldn’t call that "hacked". That is like someone got into your house by finding your spare key to the house that you left at a family member, took the key to a locksmith, made a copy of said key and then used that key to get into your house.

The lock wasn't "picked".

It also seems like a lot of trouble to get into a phone, and let's face it, you have to be a person of such importance, with data of such sensitive nature to warrant such effort to find a good source of your print and then make a copy and then steal your phone.

Your day to day pickpocket is not going to be able to do that.
 
Not quite, given that anyone stealing your phone has also just stolen a large metal rectangle that you could quite feasibly have your prints all over it...

It's still nothing to be really worried over though. Your average mugger/thief isn't going to go to all that hassle.
 
How people define "hacked" isn't really important. Keyloggers have been harvesting legitimate credentials and plugging them into properly functioning services for years. Nothing was broken, and yet the system was defeated. It's an extremely broad definition and this example definitely falls within it.
 
Inevitable, happened very quickly though.


It's not the most worrying feature of the fingerprint scanner though:

"Passwords are secret and dynamic; fingerprints are public and permanent," Franken wrote. "If you don't tell anyone your password, no one will know what it is. If someone hacks your password, you can change it -- as many times as you want. You can't change your fingerprints. You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What's more, a password doesn't uniquely identify its owner -- a fingerprint does. Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life."

(http://news.cnet.com/8301-13579_3-5...ons-privacy-of-iphone-5s-fingerprint-scanner/)
 
Given that the phone doesn't store the fingerprint, it doesn't matter.

I love this feature as a more secure alternative to a 4-digit pass code.

I look forward to it appearing on my iPad 5!

I wonder if it will ever make it to the MBP and rMBP, replacing the power button with it....
 
I've seen no reason why a piece of malware couldn't steal it when you scan.

On a jailbroken device you mean? Apple will have locked this down hard to make sure that if they open it up to external apps, it is not available as raw data.
 
You wouldn't extract the fingerprint from the device anyway.

You need the person to give you access to their finger in order to spoof it by all accounts. Just taking a fingerprint off a cup or glass will not work by the sounds of the method they used to hack it.
 