Jump to content



Photo

Chaos Computer Club breaks Apple TouchID

iphone 5s touchid ios

  • Please log in to reply
46 replies to this topic

#16 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 16,057 posts
  • Joined: 23-August 04
  • Location: UK

Posted 22 September 2013 - 20:16

They're selling a system that is more secure than other current methods. It won't prevent anyone dedicated to accessing your device but it will stop casual thieves, strangers and friends from accessing your device without permission. Anything that improves security should be welcomed, as long as people aren't complacent about its limitations.

 

Rubbish.  A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient.




#17 vcfan

vcfan

    Doing the Humpty Dance

  • 5,257 posts
  • Joined: 12-June 11

Posted 22 September 2013 - 20:21

OK, now you're being just silly.  Security wise, there is an extremely low probability that you would obtain someone's phone AND obtain their fingerprint at the same point in time.  We're talking about a stranger obtaining your phone or thief; not your friends.

 

Even if you found/stoled the phone, managed to somehow track down the owner to get a fingerprint, enough time would have elapsed for the phone to have been reported stolen and is basically useless.

 

i dont disagree that its an extra hurdle to someone getting in your phone, but having physical access to the phone is the biggest hurdle,not the fingerprint,and not the passcode. actually,cloning the print might be even easier than getting the passcode in certain cases.

 

i was under the impression that the discussion is about the security of the fingerprint scanner,which apple is touting as more secure,which has been proven to be not secure at all,and can easily be broken. making your phone physically available to other parties is something totally different. unfortunately, no phone manufacturer has a feature that prevents stupidity.



#18 episode

episode

    Neowinian Fanatic

  • 6,813 posts
  • Joined: 11-December 01

Posted 22 September 2013 - 20:23

come over to my place,i'll offer you a drink in a glass cup, then when you leave,ill just lift your prints,photograph them,then do the process to have a copy.

 

But yet you still need physical access to my phone, which you will never have.



#19 primexx

primexx

    Neowinian Senior

  • 12,794 posts
  • Joined: 24-April 05

Posted 22 September 2013 - 20:24

i'm really annoyed that fingerprint scanner vendors don't add the ability to use fingerprints as 2-factor-auth in addition to a traditional passcode.



#20 vcfan

vcfan

    Doing the Humpty Dance

  • 5,257 posts
  • Joined: 12-June 11

Posted 22 September 2013 - 21:04

But yet you still need physical access to my phone, which you will never have.

i dont disagree, but adding a fingerprint scanner may in fact weaken the security of the device.



#21 theyarecomingforyou

theyarecomingforyou

    Tiger Trainer

  • 16,852 posts
  • Joined: 07-August 03
  • Location: Terra Prime Profession: Jaded Sceptic
  • OS: Windows 10 Preview
  • Phone: Galaxy Note 3 with Galaxy Gear

Posted 22 September 2013 - 21:08

Rubbish.  A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient.

So it's harder to overlook somebody entering their passcode than it is to watch somebody leave a clean fingerprint (with the appropriate finger), take a 2400DPI photo of it, clean-up and invert the image, print it using thick toner onto a transparent material, apply latex milk and moisten after it has dried? If you can't see how ridiculous you're being then I have nothing else to say to you.



#22 dead.cell

dead.cell

    My Body My Temple

  • 10,591 posts
  • Joined: 09-July 04
  • Location: Houston, TX
  • OS: Win 7 Pro / Win 8 Pro
  • Phone: Samsung Galaxy S5 Active

Posted 22 September 2013 - 21:15

You guys who seem to be under the impression that one single layer of security is somehow a good thing. That to me is the biggest joke here. The suggestion that this method should be avoided is by far ridiculous. If you're going to run with that theory, then you might as well not bother using wireless since someone could potentially drive by your house to tap into your "secured" WiFi.

 

Nothing is really secure; passwords, pins, pattern locks, and biometrics are simply a means of inconveniencing intruders, just like the locks on your doors and windows in your home.



#23 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 16,057 posts
  • Joined: 23-August 04
  • Location: UK

Posted 22 September 2013 - 21:15

So it's harder to overlook somebody entering their passcode than it is to watch somebody leave a clean fingerprint (with the appropriate finger), take a 2400DPI photo of it, clean-up and invert the image, print it using thick toner onto a transparent material, apply latex milk and moisten after it has dried? If you can't see how ridiculous you're being then I have nothing else to say to you.

 

Dude, leave the hyperbole out; that waffle has nothing at all to do with my comment and you know it.

 

I said, and I quote: "A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient."

 

For usage purposes, scanning a fingerprint might be slightly easier (if annoying after you've touched the damned sensor 3 or 4 times); but hacking... They might be able to lift a fingerprint from the screen given time (which they'll have if they've stolen it), but they aren't going to lift a passcode from it.



#24 episode

episode

    Neowinian Fanatic

  • 6,813 posts
  • Joined: 11-December 01

Posted 22 September 2013 - 21:26

i dont disagree, but adding a fingerprint scanner may in fact weaken the security of the device.

 

Not true. You need physical access and my fingerprint with the sensor. Without the sensor, you only need physical access (and time).



#25 spenser.d

spenser.d

    Neowinian Senior

  • 11,080 posts
  • Joined: 19-December 03

Posted 22 September 2013 - 21:27

But yet you still need physical access to my phone, which you will never have.

 

Which makes the difference between biometric and passcode security moot anyways.

 

I always thought having a passcode on a personal device was nonsense anyways.  You shouldn't really have anything that important behind just your 4-digit passcode and not another password anyways.  At that point, if your phone gets stolen, you go online and lock it down/reset it (you can do that with Windows Phone anyways, pretty sure you can do with the others).  Makes this whole discussion pointless.



#26 vcfan

vcfan

    Doing the Humpty Dance

  • 5,257 posts
  • Joined: 12-June 11

Posted 22 September 2013 - 22:04

you don't need physical access to the phone to lift the prints. You can get them off other surfaces. That's easier to accomplish sometimes than getting a passcode.

Not true. You need physical access and my fingerprint with the sensor. Without the sensor, you only need physical access (and time).



#27 dead.cell

dead.cell

    My Body My Temple

  • 10,591 posts
  • Joined: 09-July 04
  • Location: Houston, TX
  • OS: Win 7 Pro / Win 8 Pro
  • Phone: Samsung Galaxy S5 Active

Posted 22 September 2013 - 22:11

you don't need physical access to the phone to lift the prints. You can get them off other surfaces. That's easier to accomplish sometimes than getting a passcode.

"Hey, do you know what the weather's gonna be like tomorrow? My phone's acting up..."

 

*hold phone up as if you're still trying to get it to work, while actually recording being semi-over their shoulder*

 

Ta-da!...

 

Funny thing is that you didn't even have to turn your head to make them feel awkward, you were looking at your phone the whole time. Though, I suppose if talking to people is hard, then that'd be a bit of an issue. :p



#28 vcfan

vcfan

    Doing the Humpty Dance

  • 5,257 posts
  • Joined: 12-June 11

Posted 22 September 2013 - 22:22

"Hey, do you know what the weather's gonna be like tomorrow? My phone's acting up..."

 

*hold phone up as if you're still trying to get it to work, while actually recording being semi-over their shoulder*

 

Ta-da!...

 

Funny thing is that you didn't even have to turn your head to make them feel awkward, you were looking at your phone the whole time. Though, I suppose if talking to people is hard, then that'd be a bit of an issue. :p

if its a female you risk being suspected as being a perv for recording her cleavage.



#29 Hum

Hum

    totally wAcKed

  • 63,238 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 22 September 2013 - 22:27

Yeah -- retina scan, that's where it's at baby ...

 

th?id=H.4676030858855942&pid=15.1&H=120&

 

https://itunes.apple...d364280702?mt=8



#30 betasp

betasp

    Cooler than a polar bear's toenails...

  • 2,531 posts
  • Joined: 24-September 03
  • Location: 2nd Level of Hell

Posted 22 September 2013 - 22:31

My 10 year old makes it a sport to guess my password by watching me type it over a few days. He is about 60-70% accurate after two or three days. At least with my finger print the guess is out of the equation.

Oh and do you realize how hard it will be to get a clean print with all the validation points off of a screen that is touched throughout the day. I am just curious how many points Apple is matching to. The world does not work like CSI, the more touches without cleaning the more difficult it becomes. Also, what happens with screen protectors, does the accuracy change when trying to lift a print?