Sign in to follow this  
Followers 0

47 posts in this topic

Posted

Chaos Computer Club breaks Apple TouchID

 

The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates

Share this post


Link to post
Share on other sites

Posted

grumpy-cat-good-1.jpg

2 people like this

Share this post


Link to post
Share on other sites

Posted

But tbf

The chances that someone will be able to take a 1200 dpi photograph of your fingerprint without your knowledge, however, is slim.

4 people like this

Share this post


Link to post
Share on other sites

Posted

So, and forgive my ignorance here, can you only register 1 finger print?

Share this post


Link to post
Share on other sites

Posted

All security systems have their weaknesses. However, it requires a lot more effort to bypass a fingerprint scanner than it does to overlook somebody typing in their pincode / pattern. The best security method is of course to prevent other people from accessing your phone.

 

The fingerprint scanners on the iPhone and various Android devices offer a decent level of security for casual use and an improvement upon previous systems.

2 people like this

Share this post


Link to post
Share on other sites

Posted

All security systems have their weaknesses. However, it requires a lot more effort to bypass a fingerprint scanner than it does to overlook somebody typing in their pincode / pattern. The best security method is of course to prevent other people from accessing your phone.

 

The fingerprint scanners on the iPhone and various Android devices offer a decent level of security for casual use and an improvement upon previous systems.

 

Keep telling yourself that, but at the end of the day, they're still selling you fairy wings and unicorn horns.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

But tbf

The chances that someone will be able to take a 1200 dpi photograph of your fingerprint without your knowledge, however, is slim.

come over to my place,i'll offer you a drink in a glass cup, then when you leave,ill just lift your prints,photograph them,then do the process to have a copy.

Share this post


Link to post
Share on other sites

Posted

Almost impossible to do in a real world situation, and if anyone would go to such lengths to get into your phone i would imagine it to be the least of your worries.

 

The article is flame bait.. while a lot of it might be true it's simply irrelevant to the average user.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Haha sounds simple enough.

Share this post


Link to post
Share on other sites

Posted

 

it's simply irrelevant to the average user.

 

So is biometric security in general.

Share this post


Link to post
Share on other sites

Posted

So is biometric security in general.

 

I bet you the simplicity of it and the way Apple implemented it will make a lot of people use it.  I wouldn't be surprised if other companies offered the same feature in their future phones. 

Share this post


Link to post
Share on other sites

Posted

come over to my place,i'll offer you a drink in a glass cup, then when you leave,ill just lift your prints,photograph them,then do the process to have a copy.

OK, now you're being just silly.  Security wise, there is an extremely low probability that you would obtain someone's phone AND obtain their fingerprint at the same point in time.  We're talking about a stranger obtaining your phone or thief; not your friends.

 

Even if you found/stoled the phone, managed to somehow track down the owner to get a fingerprint, enough time would have elapsed for the phone to have been reported stolen and is basically useless.

Share this post


Link to post
Share on other sites

Posted

Keep telling yourself that, but at the end of the day, they're still selling you fairy wings and unicorn horns.

They're selling a system that is more secure than other current methods. It won't prevent anyone dedicated to accessing your device but it will stop casual thieves, strangers and friends from accessing your device without permission. Anything that improves security should be welcomed, as long as people aren't complacent about its limitations.

Share this post


Link to post
Share on other sites

Posted

It also may work by simply lifting a fingerprint from the stolen phones screen ... 

1 person likes this

Share this post


Link to post
Share on other sites

Posted

^ Yeah... That's the thing about modern smartphones, that they have touch screens made of glass... :p

Share this post


Link to post
Share on other sites

Posted

They're selling a system that is more secure than other current methods. It won't prevent anyone dedicated to accessing your device but it will stop casual thieves, strangers and friends from accessing your device without permission. Anything that improves security should be welcomed, as long as people aren't complacent about its limitations.

 

Rubbish.  A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient.

Share this post


Link to post
Share on other sites

Posted

OK, now you're being just silly.  Security wise, there is an extremely low probability that you would obtain someone's phone AND obtain their fingerprint at the same point in time.  We're talking about a stranger obtaining your phone or thief; not your friends.

 

Even if you found/stoled the phone, managed to somehow track down the owner to get a fingerprint, enough time would have elapsed for the phone to have been reported stolen and is basically useless.

 

i dont disagree that its an extra hurdle to someone getting in your phone, but having physical access to the phone is the biggest hurdle,not the fingerprint,and not the passcode. actually,cloning the print might be even easier than getting the passcode in certain cases.

 

i was under the impression that the discussion is about the security of the fingerprint scanner,which apple is touting as more secure,which has been proven to be not secure at all,and can easily be broken. making your phone physically available to other parties is something totally different. unfortunately, no phone manufacturer has a feature that prevents stupidity.

Share this post


Link to post
Share on other sites

Posted

come over to my place,i'll offer you a drink in a glass cup, then when you leave,ill just lift your prints,photograph them,then do the process to have a copy.

 

But yet you still need physical access to my phone, which you will never have.

Share this post


Link to post
Share on other sites

Posted

i'm really annoyed that fingerprint scanner vendors don't add the ability to use fingerprints as 2-factor-auth in addition to a traditional passcode.

Share this post


Link to post
Share on other sites

Posted

But yet you still need physical access to my phone, which you will never have.

i dont disagree, but adding a fingerprint scanner may in fact weaken the security of the device.

Share this post


Link to post
Share on other sites

Posted

Rubbish.  A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient.

So it's harder to overlook somebody entering their passcode than it is to watch somebody leave a clean fingerprint (with the appropriate finger), take a 2400DPI photo of it, clean-up and invert the image, print it using thick toner onto a transparent material, apply latex milk and moisten after it has dried? If you can't see how ridiculous you're being then I have nothing else to say to you.

Share this post


Link to post
Share on other sites

Posted

You guys who seem to be under the impression that one single layer of security is somehow a good thing. That to me is the biggest joke here. The suggestion that this method should be avoided is by far ridiculous. If you're going to run with that theory, then you might as well not bother using wireless since someone could potentially drive by your house to tap into your "secured" WiFi.

 

Nothing is really secure; passwords, pins, pattern locks, and biometrics are simply a means of inconveniencing intruders, just like the locks on your doors and windows in your home.

Share this post


Link to post
Share on other sites

Posted

So it's harder to overlook somebody entering their passcode than it is to watch somebody leave a clean fingerprint (with the appropriate finger), take a 2400DPI photo of it, clean-up and invert the image, print it using thick toner onto a transparent material, apply latex milk and moisten after it has dried? If you can't see how ridiculous you're being then I have nothing else to say to you.

 

Dude, leave the hyperbole out; that waffle has nothing at all to do with my comment and you know it.

 

I said, and I quote: "A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient."

 

For usage purposes, scanning a fingerprint might be slightly easier (if annoying after you've touched the damned sensor 3 or 4 times); but hacking... They might be able to lift a fingerprint from the screen given time (which they'll have if they've stolen it), but they aren't going to lift a passcode from it.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

i dont disagree, but adding a fingerprint scanner may in fact weaken the security of the device.

 

Not true. You need physical access and my fingerprint with the sensor. Without the sensor, you only need physical access (and time).

1 person likes this

Share this post


Link to post
Share on other sites

Posted

But yet you still need physical access to my phone, which you will never have.

 

Which makes the difference between biometric and passcode security moot anyways.

 

I always thought having a passcode on a personal device was nonsense anyways.  You shouldn't really have anything that important behind just your 4-digit passcode and not another password anyways.  At that point, if your phone gets stolen, you go online and lock it down/reset it (you can do that with Windows Phone anyways, pretty sure you can do with the others).  Makes this whole discussion pointless.

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.