Hackers Bypass Apple’s Touch ID with Lifted Fingerprint

It looks like the same procedure the Mythbusters guys did a few years ago.

But you still need a perfect copy of the correct finger to do this. Good luck actually doing this to someone unsuspecting.

If you are paranoid of someone actually lifting your print, use the pinky on your off-hand. Much less likely you are leaving a good print of that anywhere.
 
This was such a dumb story that's getting so much publicity. I'm no apple fan, but there is nothing realistically plausible about this that makes it any worse than any other method of locking/unlocking your phone.
 
This was such a dumb story that's getting so much publicity. I'm no apple fan, but there is nothing realistically plausible about this that makes it any worse than any other method of locking/unlocking your phone.

People seemingly take pleasure in trying to bash Apple in any small way they can. There are plenty of things to bash on Apple for, but when they choose something like this it brings out the obvious bias.
 
Just out of curiosity, is there no grace period when the phone is unlocked with TouchID? There is with a pass code unlock.
 
That's why iPhone muggers will take your finger or thumb to go with it, because they aren't desperate or anything.

What if I use my middle finger to unlock? You have a 1 in 4 chance of taking the correct finger (not counting your thumb). Might as well take the whole hand.:eek:
 
What if I use my middle finger to unlock? You have a 1 in 4 chance of taking the correct finger (not counting your thumb). Might as well take the whole hand.:eek:

Why would exclude the thumb or other hand. It's a 1 in 10 chance.

Which is why even if you left a perfect print somewhere, and someone had a CSI forensics team with them, and a lot of time, they still wouldn't be guaranteed of getting into your phone.
 
What if I use my middle finger to unlock? You have a 1 in 4 chance of taking the correct finger (not counting your thumb). Might as well take the whole hand.:eek:

Lol..

"Oh noes! Dey tuk my iPhones!!"

r2588996261.jpe
 
And ask your usual forum dweller and they totally miss the point. Apple isn't about invention, it is about quality execution and brute forcing fringe technology into mainstream products, thus making them widely accepted. Always has been, always will be.

Fingerprint sensors aren't new. Forcing them into their popular flagship product, making it reliable and easy to use, and enabling it to be used for things like online purchases in the most popular digital storefont in the world is what's important.

Quality of execution and scale of deployment are what matters when it comes to Apple. Inventing something is beside the point.

Your correct, Apple does care about inventing, patenting on the otherhand..... :D
 
And ask your usual forum dweller and they totally miss the point. Apple isn't about invention, it is about quality execution and brute forcing fringe technology into mainstream products, thus making them widely accepted. Always has been, always will be.

Fingerprint sensors aren't new. Forcing them into their popular flagship product, making it reliable and easy to use, and enabling it to be used for things like online purchases in the most popular digital storefont in the world is what's important.

Quality of execution and scale of deployment are what matters when it comes to Apple. Inventing something is beside the point.

IT IS *NOT* SECURE.

Phones are full of fingerprints. All you have to do is lift them and find the right finger and then you can fool the fingerprint sensor. It is absolutely worse than a password because it is likely that everything one needs to crack the security (e.g. lift-able fingerprints) will be right on the phone itself. People that have trouble remembering simple passwords are not likely to have the intelligence or the foresight to wipe their fingerprints clean every time they set the phone down.
 
Phones are full of fingerprints. All you have to do is lift them and find the right finger and then you can fool the fingerprint sensor.

I would love to see that demonstrated. I bet you will find this next to impossible in any real world condition.

A real user phone would have a bunch of smudged, overlapping prints. It would be very hard to pull very clean single print off the phone, let alone the right one you need.

This is the hardest part of the problem, and for the demo, they just skipped this part and had the user give them a perfect print.
 
A couple of ideas:

After or doing the fingerprint scan, make sure that the phone has connected to icloud to ensure its not lost or intended to be wiped.

Allow only 1 or 2 tries before the password is required. This negates scanning the correct fingerprint off of the phone somewhat.

Use positional data history to verify separate fingerprints. (How likely is a thumb print going to be used when the phone is on a stationary surface horizontally?)

Decrease the time between passwords if the user chooses so.

More oleophobic coatings.

Allow two step authentication if the user chooses so.
 
A finger print is the worst way to secure your phone. Your finger print can be considered 'public knowledge' and you have no expectation of privacy, so you can be forced to unlock your phone for authorities. :eek:
 
The guys shaky finger freak me the fuck out. Is there cocaine on the table too? Lol
 
A couple of ideas:

After or doing the fingerprint scan, make sure that the phone has connected to icloud to ensure its not lost or intended to be wiped.

Allow only 1 or 2 tries before the password is required. This negates scanning the correct fingerprint off of the phone somewhat.

Use positional data history to verify separate fingerprints. (How likely is a thumb print going to be used when the phone is on a stationary surface horizontally?)

Decrease the time between passwords if the user chooses so.

More oleophobic coatings.

Allow two step authentication if the user chooses so.

Most of these things are already implemented.

User can already choose how long before requiring the password. As I recall the lowest number is 1 minute with various values up to 24 hours.

It is up to the user to decide to enable 'Find my iPhone' on their device. Once this is enabled the activation lock is enabled, among all the other things which i've commented on before.

I don't own a 5s so i'm not sure if the user can change the option or not, but as I recall the default setting is to ask for a password after 5 failed attempts as it is.

Again, this is a non-issue. iOS 7 already has tons of features that would make doing this irrelevant.

The only way a thief/hacker would be able to get around the security is if a jailbreak were released for this current version of iOS 7. Even then, some jailbreaks use security flaws in software (Like Safari) to initially gain root level access to the device so a thief would still be locked out completely.
 
Back
Top