Jump to content



Photo

Chaos Computer Club breaks Apple TouchID

iphone 5s touchid ios

  • Please log in to reply
46 replies to this topic

#31 Rohdekill

Rohdekill

    Neowinian Senior

  • 3,516 posts
  • Joined: 06-July 05
  • Location: Earth

Posted 22 September 2013 - 22:58

Dude, leave the hyperbole out; that waffle has nothing at all to do with my comment and you know it.

 

I said, and I quote: "A decent passcode is far more secure than a fingerprint ever will be.  It's just not quite as convenient."

 

For usage purposes, scanning a fingerprint might be slightly easier (if annoying after you've touched the damned sensor 3 or 4 times); but hacking... They might be able to lift a fingerprint from the screen given time (which they'll have if they've stolen it), but they aren't going to lift a passcode from it.

You're assuming a clean glass screen with a few fingerprints.  Try and grab one off a screen with thousands of overlapping prints, and most are smeared.

 

There's no saying Apple might not include a pin code lock at some point for two point security.  I'm certain they'll be watching the number of thefts going forward and implement it if needed.

 

But as for single point security, biometrics beats a pin code.  Biometrics secures based on what you have.  Meaning, you must have the print each time to unlock and can be difficult and time consuming to obtain a useable copy.  A pin code is based on what you know.  Watch the code be entered or force the person to tell it and you can unlock it anytime. 




#32 FloatingFatMan

FloatingFatMan

    Resident Fat Dude

  • 15,393 posts
  • Joined: 23-August 04
  • Location: UK

Posted 23 September 2013 - 05:17

I did say might.



#33 Brian Miller

Brian Miller

    Neowinian Senior

  • 2,976 posts
  • Joined: 15-December 10

Posted 23 September 2013 - 05:23

I knew it!

#34 Elliot B.

Elliot B.

    Over 12 years on Neowin

  • 20,043 posts
  • Joined: 16-August 01
  • Location: West Midlands, UK
  • OS: Windows 8.1
  • Phone: Samsung Galaxy S5

Posted 23 September 2013 - 06:21

So, and forgive my ignorance here, can you only register 1 finger print?

Five.

#35 Elliot B.

Elliot B.

    Over 12 years on Neowin

  • 20,043 posts
  • Joined: 16-August 01
  • Location: West Midlands, UK
  • OS: Windows 8.1
  • Phone: Samsung Galaxy S5

Posted 23 September 2013 - 06:23

All security systems have their weaknesses. However, it requires a lot more effort to bypass a fingerprint scanner than it does to overlook somebody typing in their pincode / pattern. The best security method is of course to prevent other people from accessing your phone.

The fingerprint scanners on the iPhone and various Android devices offer a decent level of security for casual use and an improvement upon previous systems.

So far, no consumer Android device offers this kind of scanner. I believe a HTC model (can't remember which one, it was large) offered a scanner, but it was crappy like those ones you get on laptops.

#36 InTheSwiss

InTheSwiss

    Neowinian

  • 257 posts
  • Joined: 11-September 13

Posted 23 September 2013 - 08:57

At the end of the day everyone knew this was going to happen. It has been known for years that fingerprint scanners can be tricked quite easily. There was a pretty good MythBusters episode on how easy it is. I know the tech has improved over the years but it is still quite poor.

 

However I don't see this as making Touch ID totally pointless. The point of Touch ID isn't so much to make your phone super secure it is designed to make security a little bit easier/transparent than using a passcode/password on the lock screen which, as Apple said in the key note, a lot of people do not use.Touch ID will hopefully make people have slightly more secure phones as it is not very likely somebody is going to go to this much effort to get your phone.

 

One issue this does have is that it shows that using Touch ID for anything important might not be a good idea. Unlocking your phone is fine but using it as a form of identification/authorisation for purchases, etc. ? Maybe not such a great idea. As with all security vs. convenience it is a trade off between how much the security gets in the way.



#37 goodbytes

goodbytes

    Just below average Joe

  • 6,112 posts
  • Joined: 07-May 04
  • Location: England

Posted 23 September 2013 - 08:57

It's actually laughable the people arguing for this in this thread, as if it's easy to grab a clean finger print, take a high resolution image of it, clean it, invert it, print it on thick toner, apply latex milk, somehow get their phone long enough to bypass the touch ID, to do what? write "i am gay" on their Facebook status?

 

It's a ######ing phone.

 

Not only do you need a degree in forensic science or have some really good tools at your disposal, you need access to the physical device.

 

Ok, from a technical stand point its very much breakable and less secure than other methods but for real world situations it's a perfectly viable solution to the annoying passcode.

 

I'll say it again, if you have something on your phone that would warrant somebody going to such extreme lengths to get access then the chances are this would be the least of your worries.



#38 XerXis

XerXis

    Neowinian Senior

  • 5,052 posts
  • Joined: 13-February 06
  • Location: Belgium

Posted 23 September 2013 - 09:17

OK, now you're being just silly.  Security wise, there is an extremely low probability that you would obtain someone's phone AND obtain their fingerprint at the same point in time.  We're talking about a stranger obtaining your phone or thief; not your friends.

 

Even if you found/stoled the phone, managed to somehow track down the owner to get a fingerprint, enough time would have elapsed for the phone to have been reported stolen and is basically useless.

Unless you use your phone wearing gloves all the time, changes are highly likely that there is at least one good fingerprint on the back of your phone. Of course a casual thief might not go through the trouble of creating a fake finger print out of latex. But still, it proves that a fingerprint as a security method is not better (and probably worse) than a good password.



#39 ashpowell

ashpowell

    Neowinian

  • 730 posts
  • Joined: 13-November 06
  • Location: UK
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 23 September 2013 - 09:49

Ok so they have to get your fingerprint which is difficult enough, then get your phone too.. not that simple.



#40 ichi

ichi

    Akihabara Style

  • 4,906 posts
  • Joined: 20-December 04

Posted 23 September 2013 - 11:28

The fingerprint scanner is great to protect the phone from coworkers or friends that might want to take a look at your phone without your knowledge, as it's easy to set up and non trivial to break for someone without enough determination.

 

As a thief deterrent though is about as useful (or useless) as a PIN code.

 

Maybe thieves will now carry fringerprint ink kits around?  :D



#41 Binary

Binary

    Proud to be Canadian

  • 2,421 posts
  • Joined: 19-October 01
  • Location: Canada
  • OS: OS X 10.9 & Windows 8 (iMac 2012). Mobile: iOS7 (iPhone 5S & iPad Mini Retina), Android 4.2 & WebOS (TouchPad).

Posted 23 September 2013 - 11:50

*Sigh*

 

I'll repost what I posted to macrumors:

 

If someone has that sensitive of information, you hold them at gun point/drug them/or simply hold them down, and force them to unlock the phone with their own finger.

That is the easiest route to obtain the information, far easier than stealing their phone, following them to lift prints off of objects, then go through this fairly extensive routine.

Seriously, if a thief wants your information bad enough, they will go to any lengths to obtain it. Nothing is 100% secure.

This will however deter any common thieves. 

And really, what are they going to obtain anyways? Currently, only your Apple ID, so then what? They can make some illegitimate purchases using your iTunes account? Tell your wife you're texting some other broad?

Who really leaves any pertinent, sensitive information, unencrypted on a phone anyways?


Jeez.



#42 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • 19,309 posts
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 23 September 2013 - 11:57

So why exactly are people surprised about this? Most fingerprint scanners are susceptible to attacks like these, it's literally nothing new.

I remember reading a few years ago about children at a school that used fingerprint scanners for attendance records, breaking it by keeping gummy bears in their pockets and pressing it to the scanner to trick it.

#43 +Majesticmerc

Majesticmerc

    Resident Idealist

  • 6,025 posts
  • Joined: 24-August 05
  • Location: United Kingdom
  • OS: Arch Linux / Win 7
  • Phone: HTC One X

Posted 23 September 2013 - 12:12

I'll just leave this here:

 

security.png



#44 Shadrack

Shadrack

    Neowinian Senior

  • 15,058 posts
  • Joined: 20-December 01

Posted 23 September 2013 - 16:32

OMG.  This proves it once and for all: Apple is doomed.  Doooommmeed.



#45 #Michael

#Michael

    Neowinian Senior

  • 6,139 posts
  • Joined: 28-August 01

Posted 23 September 2013 - 21:31

Apple should sponsor an actual contest to see if someone or some group can actually hack/get passed the sensor.