or Connect
AppleInsider › Forums › Mobile › iPhone › Apple's Touch ID already bypassed with established 'fake finger' technique
New Posts  All Forums:Forum Nav:

Apple's Touch ID already bypassed with established 'fake finger' technique - Page 4

post #121 of 319
Quote:
Originally Posted by KPOM View Post
 

 

Not necessarily. Fingerprint recognition in connection with retina scans or some other technique can still work. I agree, though, that companies may be spooked out of allowing Touch ID instead of a pass code on their enterprise profiles. The silly thing, though, is that pass codes can be deduced by looking at where the fingerprints or wear is on the screen. 

 

That can be defeated to some extent by requiring your employees to change their passwords frequently, or to use passwords with lots of distinct characters.

post #122 of 319

Some of you guys are acting as if you are personally being hacked. Chill.

post #123 of 319
Quote:
Originally Posted by Ramrod View Post

Sorry, best and easiest way is the pattern unlock that android uses. Apple should have put more money towards a better user experience, bigger and better screen, and better hardware overall. The fingerprint lock is useless in winter. What a hassle to keep taking off gloves to unlock my phone. I like what Nokia and Samsung did with the touchscreens that work with gloves. Get on it Apple. Stop these stupid gimmicks.

Stop with these stupid comments. Wah wah. I'm gonna have to take my gloves off? You also can't get your wallet out if your pocket with gloves on.

Fact is there are a lot of users that don't bother with any pass codes and a lot more users that hate having to type them in dozens of times per day.
Quote:
Originally Posted by Taniwha View Post

Believe what you want. You might want to remember that precisely this procedure was published in 2004 by the CCC and used effectively to demonstrate the absurd claim of the then German Interior Minister (Wolfgang Schäuble) that fingerprints were a secure means of idenification and authentication. They made Schäuble look like a complete idiot. For a while you could even buy Coffee Mugs with his "authentic fingerprint". So it's really trivial to fake fingerprints by this method which doesn't require any technology that's not available in millions of households round the world.

Damn nothing improves over 9 years. We're still in 2004 tech.
Quote:
Originally Posted by Ramrod View Post

Sorry to hear you don't know how to wipe your screen or that your friends can't come up with a complex pattern. And sorry to hear you blame the locking mechanism because the idiotic user didn't know how to connect the dots. Wow! Like I said, Denial is a helluva drug.
In the end I say don't worry what me or others think about this ridiculous gimmick. The inconvenience of having to constantly take your gloves off is enough reason to not want to use it. Come this winter, anyone with a GS4 can happily swipe in their pattern lock and never have to be inconvenienced with CONSTANTLY taking off their gloves. Samsung was smart enough to know this. Apple? Not so much.

Quit crying.
post #124 of 319
Quote:
Originally Posted by 1983 View Post

Just go somewhere and relax, you rude zealot! I'm not going anywhere, and while I'm an Apple fan, I'm not going to shut up when they make the occasional mistake.
The issue is there IS NO MISTAKE, other than your ill-informed assumptions. And your ridiculous position. The fact of the matter is that it is an extremely secure system for many reasons, not the least of which that around half of smartphone users don't even use a pass code to unlock.
post #125 of 319
Quote:
Originally Posted by Robin Huber View Post

My front door lock can be picked. Guess I am foolish. Will leave my doors open from now on.

try the new android door… the customization is too good and you can also select the door bells, sneak a peak from eyepiece with fish eye angle with some instagram filters (with some advertisements ofcourse), you can change the color of the doors and select many default themes.

 

/s

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

Reply

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

Reply
post #126 of 319

I'm sure it's possible to jump off the top of the torch at the Statue of Liberty, but I don't think it's going to be done on a daily basis.

post #127 of 319
Quote:
Originally Posted by MacHarry de View Post

OK,is it possible to return the new iPhone 5s to Apple until this hard issue is solved?

 

It will never be resolved, but I sure Apple would be happy to give you a refund if you promise to go away and buy an Android based phone.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools." Douglas Adams

Reply

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools." Douglas Adams

Reply
post #128 of 319
All you have to do is to require both a password and a fingerprint.
post #129 of 319
All you have to do is to require both a fingerprint and a password. That would be an ultimate security method.
post #130 of 319
Originally Posted by jameskatt2 View Post
All you have to do is to require both a fingerprint and a password. That would be an ultimate security method.

 

Unless you forget your fingerprint, meaning it’s not.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #131 of 319
Quote:
Originally Posted by Arlor View Post

That can be defeated to some extent by requiring your employees to change their passwords frequently, or to use passwords with lots of distinct characters.

Well that's certainly convenient....
post #132 of 319
Quote:
Originally Posted by JDW View Post

I simply don't understand how this can be possible if one takes Apple's "sub-epidermal" statement at face value. Watch the following video on Apple's site, starting at 1:20...

http://www.apple.com/iphone-5s/videos/#video-touch

The way I understood it when presented at the keynote was that it reads the print on the surface of the skin as well as penetrating deeper into the skin to ensure the print could not be faked.

I don't write this to attack Apple. I write this to know if any of you can explain in technical detail how Apple's sensor reads sub-epidermal details of one's finger.

Or could this be a bug that prevents the sub-epidermal scan from taking place?

Thanks.

"Sub-dermal scanning" just refers to verifying the electrical activity that would be expected in live tissue. That way a plastic item or other "dead" object doesn't pass muster. If the CCC mock print isn't thin enough the electrical activity in the real finger underneath couldn't be read. That's the way I understand Authentec's tech anyway.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #133 of 319

I do not hold the keys to the US nuclear arsenal, but on my home screen I use a short convenient password. For more personal stuff, I use a longer password on an app lock. So for me, the fingerprint ID is just perfect.

post #134 of 319

No technology is foolproof!  fact!!!    So eventually somehow someway somebody was going to beat it. However the good part is that its not easily defeated and Apple will most likely fix the flaw.

post #135 of 319
Who knows if this is true. Those claims could be coming from Apple's competitors looking to spread fear. But screw that. There are bio metrics all over the effing place. I use a finger print reader to clock in and out from my job. Lenovo has one on their laptop. They are everywhere.
So don't let this bs deter you from getting an iPhone 5s.
post #136 of 319
It's really early morning in Germany so no reason for anyone to hang around waiting on CCC video IMO. If anyone wants to keep up with the latest and know the minute a video is submitted (or if) the two guys running the site and determining if there's a challenge winner are:
https://twitter.com/ErrataRob
https://twitter.com/nickdepetrillo

May be a few hours before anything important is posted.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #137 of 319

My kids know the 4-digit pin I use with my iPhone and my wife's pin.  How?  Because they are observant.  I could do the same thing with a colleague or a random dude on the subway.  Not consistently, but pretty easily.

 

That's why the fingerprint reader is more secure than a pin (or pattern swipe).

 

Could someone from the Impossible Mission team access my phone if I just use the fingerprint thing?  Probably.  Could my kids or office mates?  Probably not.  (But of course that's because they never take their gloves off ;-)

post #138 of 319
Quote:
Originally Posted by Secular Investor View Post

Hmmm,

This seems to be fake.

Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.

Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor

Also Apple say the Touch ID sensor cannot be fooled by a dead fingerprint because it will only read the sub-epidermal layers of a live finger.

SO HOW DID THEY FAKE IT?

It looks very simple.

Notice how the same finger used teach Touch ID the fingerprint was then used to pick up a thin transparent film and put it on the sensor WITH THE LIVE FINGER on top of the thin transparent layer..

It seems then that the Touch ID sensor, which uses capacitors and RF to see through the dead skin of a fingerprint to read the sub-epidermal layers to create the 3-D image, then looked THROUGH the thin transparent film at the SAME LIVE FINGERPRINT used to teach Touch ID the fingerprint pattern.

In other words it was not reading the transparent film at all, but the real fingerprint touching the transparent film

Let's see if I'm right. If I am how many millions of dollars do I get....LOL

Any comments

Look again, he uses his index finger to register the fingerprint and then he uses his middle finger to unlock it.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #139 of 319
What worries me is that Touch ID is being used to authenticate App Store purchases.
post #140 of 319
Originally Posted by openminded View Post
is there a way to fix this or is it gonna stay like this?

 

Obviously it will remain this way. Apple has no intention of giving users a good experience.

 
 It's pretty pathetic coming from a company that was pointing out that Android lags a lot. 

 

Almost makes you think that it’s something wrong with your device and not endemic of the OS, doesn’t it?

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #141 of 319
Quote:
Originally Posted by lkrupp View Post

Take yourself and your "This is not good for Apple" nonsense and jump off a bridge. Apple never said anything remotely indicating this was unbeatable. YOU and your ilk blew it up into something it wasn't. You tell me which is easier to hack, a 4 digit PIN or Touch ID. You tell me how ANY device is secure once someone has physical possession of it.  YOU tell me how your ex-wife or girlfriend is going to do this. YOU tell me how the common thief is going to accomplish this. It's a step UP from the PIN and not a gimmick. Lots of people run around with no lock code at all because they don't like punching numbers. Touch ID will let them have some real security because it's easy to use.

I'll tell you what. When I get my iPhone 5s I'll let you have it and YOU into it hack it. And let's put some serious money up too. Otherwise shut up.
 
Just go away and play with yourself.

A significant other actually would have the easiest method to unlock it. All they need do is place the phone on the finger of a sleeping user.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #142 of 319
again i believe we all love apple or at least admire it in some way - in the case of those who come here just to nay it. in any case humanity comes first (if there ever was any doubt this is in question) and given the snowden sharings like prism and such, i believe that we should focus more on the fact that, if biometrics here r clearly not something safe, then the hackers must have a point.. and if it isnt us saying something, no one will.. all apple lovers and even steve jobs admirers will always save the company and vision first and foremost by primarily upholding freedom.. peace.

apple user since 1983..

IIe, IIc, 128k, Plus, Se/30, IIci, LC, SI, LCIII, PPC7100, G3, iMac Bondi

Newton MP2000, iPod 10Gb / Touch 4g, iPhone / 3G

PowerBook 170 / G3 Lombard / G4 17" 1GHz

Reply

apple user since 1983..

IIe, IIc, 128k, Plus, Se/30, IIci, LC, SI, LCIII, PPC7100, G3, iMac Bondi

Newton MP2000, iPod 10Gb / Touch 4g, iPhone / 3G

PowerBook 170 / G3 Lombard / G4 17" 1GHz

Reply
post #143 of 319
Wouldn't it be nice if Apple allowed for a user to enter a bogus finger scan (Think left index finger instead of right index finger etc.) that if entered it would wipe the phone. Or two finger authentication. If you pick the wrong two or wrong sequence it would wipe the phone.
post #144 of 319

I do think it could be planned better than that. If I wanted to gain access to someone's email, Facebook or buy things on iTunes, etc. here's what could be done - would be easy for a work colleague/spouse/etc.:

1. Get the fingerprint (I'm guessing it's going to be the thumb for 90% of people) from a glass or something else.

2. Prepare the fake print (taking all the time you need)

3. Then at an opportune moment (going to the restroom at a restaurant, a meeting at work, at a bar, etc.)

4. Then quickly grab the phone - get what you need in a matter of seconds - then put the phone back.

 

I'm an Apple fan, and maybe there's a flaw in what I've outlined... but it would be good to know whether or not this could be done in a relatively easy way. Of course there has to be motive and effort... but a scheming spouse, work colleague, etc. could do it and you wouldn't even know!! It would be hard to find out also.

 

I will be using it - I generally never leave my phone unattended (except for charging at night). But I would like to know if it's possible this way.

post #145 of 319
Quote:
Originally Posted by Rogifan View Post

Let me guess...this CCC outfit as an agenda and will use Apple to further it.

 

No.  At least not what you imply.  CCC has been around for 20 years or longer, and does what it claims - hacking.  When IE came out, they went on national TV to show bank funds transferred from one account to another, without anything showing on the screen.

 
They hack things.  This is hackable, so they hacked it.
post #146 of 319
I don't see the system fooled according what i see in the video. If i'm not wrong, the system works using sub-epidermic skin layer then basically they just put another layer of death skin but are still using the SAME finger they register, then they are not showing anything different to a thicker epidermic skin been used. If they change the finger or shows another hand, well that's truly a proof. Any other way is just get traffic to your youtube video fooling readers with sensationalist titles . Let me clarify, i'm not against they break the system, just look that they dont get it yet. Anyway even if they show another video with different hands accessing a unique fingerprint i believe the system is still good enough to replace password in a daily basis.
post #147 of 319
Quote:
Originally Posted by ruckerz View Post

What worries me is that Touch ID is being used to authenticate App Store purchases.

 

Yes, nothing scares me more than someone who can obtain my fingerprints, create a good copy to fool Touch Id, steal my iphone and... purchase a dozen of $0.99 apps

post #148 of 319
Quote:
Originally Posted by Wovel View Post
 
Quote:
Originally Posted by Ramrod View Post
 
Quote:
Originally Posted by Slurpy View Post

 

There's so many falsities in your moronic, mindless troll post, that one does not know where to start. 
"Best and easiest"? Really? Easier than leaving my finger on the home button for a fraction of a second after clicking it? How the **** does that NOT improve user experience? Do you even know what that word means? Touch ID will be used hundreds of times a day by hundreds of millions of people. That does not qualify as a "gimmick". 
Better quality screen? Scientific tests have shown that the iPhone 5/5s screen is literally the best in the industry, by a dozen or so metrics. Larger? Thats simply your personal preference. 
 
The only gimmick is your post, which is asinine on so many levels. I have a Nexus 4. No, the pattern unlock is not the be-all-and-end-all of security. After getting used to touch ID, it seems like an obsolete, stone-age hassle. 

Again, what about the gloves in the winter time? Yeah, didn't think you cared to address that issue. Hmm.....

Unless you are one if the 10 people to buy capacitive gloves, your taking one off anyway...

 

My thought exactly. How many people actually buy gloves specifically to work with cell phones? The vast majority of customers have to take them off to use code unlock and operate the phone anyway, so this is a completely manufactured spurious concern.

post #149 of 319
Quote:
Originally Posted by Odinsdad View Post

Wouldn't it be nice if Apple allowed for a user to enter a bogus finger scan (Think left index finger instead of right index finger etc.) that if entered it would wipe the phone. Or two finger authentication. If you pick the wrong two or wrong sequence it would wipe the phone.

 

That's potentially a cool idea, though I suppose it would be pretty easily defeated once somebody saw you use the Touch ID even once. But it's better than ideas that would wipe the phone with a wrong fingerprint (since even a muddy or sweaty finger can already confuse the sensor). 

post #150 of 319
Quote:
Originally Posted by pan101 View Post
 

I do think it could be planned better than that. If I wanted to gain access to someone's email, Facebook or buy things on iTunes, etc. here's what could be done - would be easy for a work colleague/spouse/etc.:

1. Get the fingerprint (I'm guessing it's going to be the thumb for 90% of people) from a glass or something else.

2. Prepare the fake print (taking all the time you need)

3. Then at an opportune moment (going to the restroom at a restaurant, a meeting at work, at a bar, etc.)

4. Then quickly grab the phone - get what you need in a matter of seconds - then put the phone back.

 

I'm an Apple fan, and maybe there's a flaw in what I've outlined... but it would be good to know whether or not this could be done in a relatively easy way. Of course there has to be motive and effort... but a scheming spouse, work colleague, etc. could do it and you wouldn't even know!! It would be hard to find out also.

 

I will be using it - I generally never leave my phone unattended (except for charging at night). But I would like to know if it's possible this way.

 

The flaws are in steps 2 and 3.  First off, step 2 takes a ton of work and maybe you screw it up.  Then, more importantly, WTF leaves their phone behind when they go to the restroom?  Personally, I like to put my wallet, car keys, AND phone on the bar and leave them behind just to demonstrate my faith in humanity,

post #151 of 319
Quote:
Originally Posted by meridian180 View Post

This video is misleading.

Assuming that the screen for setting up a second finger is the same as the first...

1. Notice he doesn't try the middle (unlocking) finger FIRST, to show that it CANNOT unlock the phone by itself.
2. Thus, the film he puts on his finger could be anything, because the middle finger could already be set up to unlock. The phone unlocks because it might already be set up.

And that doesn't even address if it's possible to get a complete enough print on a phone surface to photograph at the 2400dpi. Doubtful.

Way too much NOT shown in this clip.

Agreed. I thought the same thing when I saw this clip.
post #152 of 319
Quote:
Originally Posted by malax View Post
 

 

The flaws are in steps 2 and 3.  First off, step 2 takes a ton of work and maybe you screw it up.  Then, more importantly, WTF leaves their phone behind when they go to the restroom?  Personally, I like to put my wallet, car keys, AND phone on the bar and leave them behind just to demonstrate my faith in humanity,

 

Heck, I go to the bathroom to use my phone, because apparently it's rude to use it in front of other people. Lol.

post #153 of 319
Quote:
Originally Posted by Arlor View Post
 

 

I think the concern is not so much about the phone as the data on it and the ability to spend money with the phone (if there's a wallet account linked to it). My phone's insured with a modest deductible; I suspect that a lot of people (albeit maybe not most) with phones this expensive have some form of insurance cover. But the insurance doesn't protect you against data or identity theft. This is especially a worry for people who are using their phone for corporate stuff. 

 

I shouldn't act like this is not a security issue, others have said this, if you have reason to believe your phone was stolen, do a remote wipe. But consider this kind of theft takes time, even if a good print can be found on the phone itself (a screen protector probably solves this); take it to someone who knows how to do this and have the tools, lift a print, scan it, clean it up, print it etc. Meanwhile, find my iPhone (if its set up) can pinpoint the device the whole time. And the touch id "reset" is 48 hours right? So if its a random iPhone, its probably not easy to crack.

 
I just cleaned my ipod and tried using an app, then looked at the finger prints left on, I mostly see smudged prints, there is one that is quite clear, but its not large, its the first deliberate tap to launch an app near a top corner (try it yourself!), don't know if its large enough, but the person who got hold of a phone will handle it too leaving their prints on, so its all a bit pro cracking touch id, takes some organizing to steal someone's phone and get inside it via touch id.
post #154 of 319
Phone does not look like a 5
Edited by CompuMagic - 9/22/13 at 8:56pm
post #155 of 319
Quote:
Originally Posted by Ramrod View Post

Honestly? Do you live in a bubble? WTF? Just because you're fine with not using gloves in the winter doesn't mean the rest of us are. The overwhelming population in North America alone (forget the rest of the world for a second) wears gloves in the winter. 
And YES there are gloves out there that work with TOUCHSREENS (not just iPhones), but these gloves don't work with the Touch ID. That's what the discussion is. Are you so bent on wanting everyone to love the Touch ID that you could not see this point? One more time now, the point of mentioning gloves was to point out they do not work with the TOUCH ID. Can't believe I had to actually point this out. Dang!

But what if I wear my mittens? What then?
post #156 of 319
I'm with the skeptics. The putative method is clever, like a magic trick %u2013 bravo! %u2013 but I'd like to see it independently verified before believing it . The sensor is capacitative, not optical, so it seems unlikely that it works except with a perfect print, physical transfer, and thickness of PVA.

The hackers aren't impartial: they are opposed to biometrics and (wrong-headedly) think that showing that it can be spoofed makes a case against it. (They should stick to jumping up and down about American-NSA phone-tapping in Germany etc., which is a REAL and pernicious threat to both personal and corporate security [ECHELON anyone?]).
post #157 of 319
No Problem really.
Don't use a finger... Use a knuckle on the back of any finger.
Then a standard fingerprint impression won't unlock anything!
post #158 of 319
Quote:
Originally Posted by Gatorguy View Post

"Sub-dermal scanning" just refers to verifying the electrical activity that would be expected in live tissue. That way a plastic item or other "dead" object doesn't pass muster. If the CCC mock print isn't thin enough the electrical activity in the real finger underneath couldn't be read. That's the way I understand Authentec's tech anyway.

 

Thanks for the explanation.  I had been thinking that the sensor could literally see physical features under the outer layer of skin, making it impossible to fake simply by using a copy of the external fingerprint.  But if that "sub-dermal" scanning is, as you say, merely confirming life itself, then there really isn't much that is special about this sensor at all, other than it's high resolution.

post #159 of 319
Quote:
Originally Posted by 1983 View Post
 

 

Just go somewhere and relax, you rude zealot! I'm not going anywhere, and while I'm an Apple fan, I'm not going to shut up when they make the occasional mistake.

 

What is the mistake?

post #160 of 319
Quote:
Originally Posted by malax View Post
 

 

The flaws are in steps 2 and 3.  First off, step 2 takes a ton of work and maybe you screw it up.  Then, more importantly, WTF leaves their phone behind when they go to the restroom?  Personally, I like to put my wallet, car keys, AND phone on the bar and leave them behind just to demonstrate my faith in humanity,

 

I don't even remember what pooping was like before smartphones.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Apple's Touch ID already bypassed with established 'fake finger' technique
AppleInsider › Forums › Mobile › iPhone › Apple's Touch ID already bypassed with established 'fake finger' technique