Hackers Bypass Apple’s Touch ID with Lifted Fingerprint

[CommanderFrank]

Well, it only took about a day and a half for someone to figure out a way to bypass the fingerprint ID system on the newly released iPhone 5S. A German hackers group, Chaos Computer Club, successfully bypassed the system. It wouldn’t be called hacking per se, more like someone watched too many MacGyver reruns.

 

[Grebuloner]

You know, considering previous Apple releases and hacks, I'm a little disappointed that they didn't find a technical loophole before the 5S went on sale.

 

[xxEIEIOxx]

I'm surprised it took as long as it did. It's not like Apple just invented the fingerprint reader. These things have been exploited for years.

 

[DPI]

A German hackers group, Chaos Computer Club

 

[Exavior]

I'm surprised it took as long as it did. It's not like Apple just invented the fingerprint reader. These things have been exploited for years.

As any of the apple fan boys and I bet they will disagree. This is the first use of a finger print reader ever on any device and everyone at Apple is a genius for thinking up and creating such technology.

 

[MostComfortable]

As any of the apple fan boys and I bet they will disagree. This is the first use of a finger print reader ever on any device and everyone at Apple is a genius for thinking up and creating such technology.

And ask your usual forum dweller and they totally miss the point. Apple isn't about invention, it is about quality execution and brute forcing fringe technology into mainstream products, thus making them widely accepted. Always has been, always will be.

Fingerprint sensors aren't new. Forcing them into their popular flagship product, making it reliable and easy to use, and enabling it to be used for things like online purchases in the most popular digital storefont in the world is what's important.

Quality of execution and scale of deployment are what matters when it comes to Apple. Inventing something is beside the point.

 

[MostComfortable]

This is some Mission Impossile style shit. Not likely to happen but fun to think about!

 

[stealthy123]

that dude's hand was shaky as all hell.

 

[inyourface1650]

Can it be used it in conjunction with a password or pin, as opposed to the only credential? MFA style... Then it is a very secure addition to local or Web Auth.

 

[Fooshnik]

Since this is not secure perhaps Apple can incorporate some sort of two-factor authentication. Such as texting you a code to enter after you scan your fingerprint.

 

[SticKx911]

Since this is not secure perhaps Apple can incorporate some sort of two-factor authentication. Such as texting you a code to enter after you scan your fingerprint.

to the phone your hacker has in hand? I don't see that as effective.

 

[inyourface1650]

no, but if its "scan fingerprint AND put in PIN or Password" it becomes far more secure.

 

[dr.kevin]

I'm not impressed. This shit is straight from the movies/TV. If you were so VIP that someone would make a latex fingerprint, you wouldn't be using an iphone.

 

[Terpfen]

Is it really hacking if it's the iPhone's owner unlocking his phone? I would be more concerned if he had given his fingerprint impression to the guy holding the camera and that second person had unlocked the iPhone.

 

[SticKx911]

I'm not impressed. This shit is straight from the movies/TV. If you were so VIP that someone would make a latex fingerprint, you wouldn't be using an iphone.

agree.

IMO if they're going through these measures, you were a target and I doubt security on your phone is all you have to worry about. Yes, these things happen, but if we all lost sleep over the .01% we'd never sleep. How many stolen iPhones are even hacked and not just wiped and unlocked? What are they gonna do, buy apps to put on a phone that'll be cut off very quickly? Are they going to look up your contacts and call your friends and family? IDK, maybe I just have a boring life, but there's not much a crook can get from my phone that has value to them other than the device itself.

 

[Weenis]

agree.

IMO if they're going through these measures, you were a target and I doubt security on your phone is all you have to worry about. Yes, these things happen, but if we all lost sleep over the .01% we'd never sleep. How many stolen iPhones are even hacked and not just wiped and unlocked? What are they gonna do, buy apps to put on a phone that'll be cut off very quickly? Are they going to look up your contacts and call your friends and family? IDK, maybe I just have a boring life, but there's not much a crook can get from my phone that has value to them other than the device itself.

Some people do banking on their phones. While not wise, it happens.

 

[wonderfield]

no, but if its "scan fingerprint AND put in PIN or Password" it becomes far more secure.

The current implementation is single-factor only.

 

[pxc]

I figured it could be fooled with jello, but latex or glue for the molding are clever too.

 

[Jagger100]

no, but if its "scan fingerprint AND put in PIN or Password" it becomes far more secure.

That defeats the purpose of the fingerprint scan, people want to get away from that so badly they'll ignore the implications of this.

BTW in Mythbusters they made a print from a smudge. I'm sure with a smude picture and a good enough 3D printer people will learn tomake a fingerprint without much effort. Even easier a picture and splice into the reader hardware you may not even have to make a fake fingerprint.

 

[octoberasian]

Put it this way: How many hackers and identity thieves will be willing to swipe and copy your fingerprint to get pass the fingerprint scan?

How many are willing to go through all that Mission Impossible stuff-- latex copies, 3D printer copies, fingerprint powdering, high resolution prints, etc.?

As my friend told me last night after seeing this video: "You have to be someone kind of important for a thief to do all that work to get past the fingerprint scanner. It's still more secure than the commonly used 4-digit PIN code."

 

[M Bison]

Video by Michael J Fox.

 

[mynamehere]

Put it this way: How many hackers and identity thieves will be willing to swipe and copy your fingerprint to get pass the fingerprint scan?

How many are willing to go through all that Mission Impossible stuff-- latex copies, 3D printer copies, fingerprint powdering, high resolution prints, etc.?

As my friend told me last night after seeing this video: "You have to be someone kind of important for a thief to do all that work to get past the fingerprint scanner. It's still more secure than the commonly used 4-digit PIN code."

If a thief were to target people who are potential goldmines he just might hit pay dirt.

What about making one of those "finger" key bobs with a fictitious fingerprint. That way they can't just lift your fingerprint off the screen and unlock your phone. *runs to USPTO*

 

[joseardzm]

does he have parkinson?? too much shaking going on

 

[Arbit3r]

There was a tv show on a Discovery channel you all might heard of called "mythbusters". They had an episode on this on beating a finger print scanner. they were able to do it pretty much with same method.

 

[Arcygenical]

The largest benefit of the finger swipe imho isnt that it makes the device more secure (and i doubt it was ever marketed as such) but that it makes it more accessible to the owner. There are days i literally have text battles. 50-100 texts in 1-2 hrs trying to coordinate work events etc... or even changing a song while driving. putting in a 5 character pin each time you need to interact with your cell is a fucking drag. pattern lock is useless to anyone but complete strangers (most humans can memorize a 9 point path with one viewing) despite its ease of use - so honestly, this feature imho makes the phone very attractive.

 

[Wascrash]

My previous old Motorola Atrix has a finger print reader lol. worked well at that.

 

[Kueller]

My previous old Motorola Atrix has a finger print reader lol. worked well at that.

The Atrix was ahead of it's time. Fingerprint scanner, Laptop dock or webtop via micro HDMI out, dual core cpu.
Liked my Atrix a lot, miss the fingerprint scanner on my current phone.

 

[Mchart]

Yeah, not sure why this is such a big fuss.

If someone stole your iPhone 5s to do this the user could just use 'find my iphone' and remotely wipe the damn thing. If the thief turns the phone off to prevent this then the next time he turns it back on it'll be wiped anyways (And if it isn't) it will ask for the password on top of the fingerprint scan. Finally, the phone itself will be worthless if the thief tries to do a restore as when the phone boots up again it will still ask for the users icloud password to activate.

 

[TechLarry]

That video proved nothing to me.

 

[B00nie]

that dude's hand was shaky as all hell.

Hangover from a hacking session

 

[BBA]

I'd argue the device is more secure with the fingerprint feature than without it.

How so? You have a device that has your fingerprints all over it...and all that is needed to get in is your fingerprint?

 

[Jagger100]

Anything that can be done, someone will figure out how to do quicker and easier. Apple plans to use it for itune purchases and make it available for others. A store isn't going to pass up a way for you to make impulse buys. Imagine using it for banking. Quite the potential honey pot.
I can see individual thieves not doing anything with it but rather selling the phone right away to those who can.

 

[Airbrushkid]

They didn't hack shit. All they did was make a copy of his finger print. That's not hacking. So the odds of someone going thru the bs to make a copy of your finger print to access your phone is so far out there, that I wouldn't worry about it.

 

[Mchart]

How so? You have a device that has your fingerprints all over it...and all that is needed to get in is your fingerprint?

Time.

As with any security measure it is measured in time. In this case, doing this process to get a working fingerprint copy and get into the device will likely take such a great amount of time that the user would have remotely wiped their phone and/or iOS would ask for the normal password anyways.

This is why this is being blown way out of proportion.

 

[Mchart]

Anything that can be done, someone will figure out how to do quicker and easier. Apple plans to use it for itune purchases and make it available for others. A store isn't going to pass up a way for you to make impulse buys. Imagine using it for banking. Quite the potential honey pot.
I can see individual thieves not doing anything with it but rather selling the phone right away to those who can.

Again, any iPhone running iOS 7 is worthless if stolen as the user in question can remotely wipe the phone, and even if they aren't able to remotely wipe it by the time the thief fools the fingerprint scanner they'll be prompted to input the iCloud password as well.

And if they restore the phone that information is lost anyways, not to even mention the fact that the device will be stuck at activation lock as they won't know the icloud password to activate it.

 

[schmuckley]

Is it me..or does the "Chaos Computing Club" all look like they're playing pocket pool?

 

[octoberasian]

Ok, for the Paranoids, LifeLock dupes, NSA lapdogs, Fear mongers, Skeptics, Nomophobics, Cyberphobics, Conspiracy theorists, and the Tin foil hats, do this then:

(NOTE - NEED iOS 7 for Activation Lock to work.)

1. Purchase a NON-GLOSSY iPhone 5 case.
   
   Alternative.
   
   Example: http://www.spigen.com/iphone-5-case-ultra-thin-air-series.html
   
2. Purchase a screen protector that prevents smudges and fingerprints.
   
   Example: http://www.zagg.com/invisibleshield/apple-iphone-5-cases-screen-protectors-covers-skins-shields/6881
   
   Alternative: http://www.otterbox.com/iPhone-5/5S...iphone-5,default,pd.html?dwvar_cpseries=clean
3. Register for iCloud or go here to get an Apple ID, a prerequisite for setting up Activation Lock.
4. Turn on Find my iPhone in Settings. Activation Lock will be enabled once that is turned on.
5. Under Settings, go to General then Passcode Lock. TURN OFF SIMPLE PASSCODE and set Require Passcode to Immediately.
   
   Same rules for passwords apply here when setting up a passcode:
   1. Do not use anything identifiable in your password that can be found on social media sites such as Facebook.
   2. Do not use simple words and phrases.
   3. Do not use something as silly as a birthday, social security number, phone number or your aunt's name.
   4. Make it easy to remember such as "Iamparanoid"
   5. Alternate between upper and lower case letters such as "IamParaNoiD"
   6. Add in numbers such as "I2amPara7NoiD9"
   7. Don't write down this passcode on a piece of paper and keep it in your wallet or someplace that is even more stupid.
   8. Optional: Save the password in a program like KeePass and save the database file in a TrueCrypt encrypted virtual drive.
6. Buy a microfiber cloth to wipe down your iPhone after use.
7. Most importantly: USE COMMON SENSE when handling something as expensive as your smartphone, tablet, or laptop.

 

[Koolthulu]

There was a tv show on a Discovery channel you all might heard of called "mythbusters". They had an episode on this on beating a finger print scanner. they were able to do it pretty much with same method.

Sad thing is that episode was made around 10 years ago and the trick still works. They also figured out you didn't even need to go through all that trouble and that just wiggling your finger around the scanner would cause it to unlock.

 

[Fooshnik]

Ok, for the Paranoids, LifeLock dupes, NSA lapdogs, Fear mongers, Skeptics, Nomophobics, Cyberphobics, Conspiracy theorists, and the Tin foil hats, do this then:

(NOTE - NEED iOS 7 for Activation Lock to work.)

1. Purchase a NON-GLOSSY iPhone 5 case.
   
   Alternative.
   
   Example: http://www.spigen.com/iphone-5-case-ultra-thin-air-series.html
   
2. Purchase a screen protector that prevents smudges and fingerprints.
   
   Example: http://www.zagg.com/invisibleshield/apple-iphone-5-cases-screen-protectors-covers-skins-shields/6881
   
   Alternative: http://www.otterbox.com/iPhone-5/5S...iphone-5,default,pd.html?dwvar_cpseries=clean
3. Register for iCloud or go here to get an Apple ID, a prerequisite for setting up Activation Lock.
4. Turn on Find my iPhone in Settings. Activation Lock will be enabled once that is turned on.
5. Under Settings, go to General then Passcode Lock. TURN OFF SIMPLE PASSCODE and set Require Passcode to Immediately.
   
   Same rules for passwords apply here when setting up a passcode:
   1. Do not use anything identifiable in your password that can be found on social media sites such as Facebook.
   2. Do not use simple words and phrases.
   3. Do not use something as silly as a birthday, social security number, phone number or your aunt's name.
   4. Make it easy to remember such as "Iamparanoid"
   5. Alternate between upper and lower case letters such as "IamParaNoiD"
   6. Add in numbers such as "I2amPara7NoiD9"
   7. Don't write down this passcode on a piece of paper and keep it in your wallet or someplace that is even more stupid.
   8. Optional: Save the password in a program like KeePass and save the database file in a TrueCrypt encrypted virtual drive.
6. Buy a microfiber cloth to wipe down your iPhone after use.
7. Most importantly: USE COMMON SENSE when handling something as expensive as your smartphone, tablet, or laptop.

Where'd you copy/paste that from?

 

[octoberasian]

Where'd you copy/paste that from?

Wasn't copy/pasted.

I actually typed it out. Lol.

(That and when I'm bored, I just let my brain go on auto mode when I'm typing.)