Apple's Touch ID already bypassed with established 'fake finger' technique

17810121317

Comments

  • Reply 181 of 330
    sflocalsflocal Posts: 5,816member
    ceek74 wrote: »
    But what if I wear my mittens? What then?
    Ramrod is just being a complete tool. Case in point, I don't even have to wait for winter. I ride my motorcycle almost every day and when I have to use my phone, I instinctively take my gloves off.

    Not ONCE did I ever think "this sucks, I should not have to take my gloves off. Shame on Apple."

    People like him think Apple should revolve around their specific needs and if Apple can't achieve the needs of 100% of all users, then Apple shouldn't even try.
  • Reply 182 of 330

     

    "Ya, I have defeated your puny touch id.  There is no security on your phone.

    Ve are doomed and I am filled with remorse, and it is most delicious.

    Vould you like to touch my monkey?"

  • Reply 183 of 330
    Quote:
    Originally Posted by jameskatt2 View Post



    All you have to do is to require both a fingerprint and a password. That would be an ultimate security method.

     

    No. All you need to do is use your nipple instead. LOL.

  • Reply 184 of 330
    Not just any "hacking" group. Chaos Computer Club is a pretty elitist group of computer tech enthusiasts.

    These are the same guys that proved to the German Gov that the finger print technology is passports is brain dead by hijacking one of the ministers finger prints from his own passport.

    If they say they have done it I'd say it's 99.999% legit. Fingerprint anything is stupid anyways, much easier to unlock your phone by placing you handcuffed fingers on the sensor than to force you to surrender your password.
  • Reply 185 of 330
    Quote:

    Originally Posted by MrBowfinger View Post



    Congratulations to the submitter that said in the time it would take to go through the proces the phone would be wiped. Correct me if I'm wrong. The person who cracks the phone shouldn't be able to gain access unless he or she has the ID and the passcode.

    From http://support.apple.com/kb/HT5949

     

    "To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation, such as:


    • After restarting your iPhone 5s

    • When more than 48 hours have elapsed from the last time you unlocked your iPhone 5s

    • To enter the Passcode & Fingerprint setting

    Since security is only as secure as its weakest point, you can choose to increase the security of a 4-digit passcode by using a complex alphanumeric passcode. To do this, go to Settings > General > Passcode & Fingerprint and turn Simple Passcode off. This will allow you to create a longer, more complex passcode that is inherently more secure. Security is further strengthened by using a mixture of uppercase and lowercase letters, numbers, and symbols."

    If you have find my iphone on, you will not be able to wipe the device unless you know the password that is associated with the icloud account on the device, so a passcode or fingerprint alone will not be enough to wipe the device.

  • Reply 186 of 330
    Quote:
    Originally Posted by Marcel655 View Post

    much easier to unlock your phone by placing you handcuffed fingers on the sensor than to force you to surrender your password.

    When there is a gun pointed to your head, what is the difference?

  • Reply 187 of 330
    Quote:



    Originally Posted by sflocal View Post





    Ramrod is just being a complete tool. Case in point, I don't even have to wait for winter. I ride my motorcycle almost every day and when I have to use my phone, I instinctively take my gloves off.



    Not ONCE did I ever think "this sucks, I should not have to take my gloves off. Shame on Apple."



    People like him think Apple should revolve around their specific needs and if Apple can't achieve the needs of 100% of all users, then Apple shouldn't even try.

     

    Haha, what tool you are. Typical Apple apologist. Grow a pair and start thinking for yourself otherwise leave. You see, other phones like the Lumia 920 or GS4 would allow you to use your phone with your gloves on. How any fool wouldn't welcome this feature says a lot for their inability to think logically.  But hey, keep fighting the good fight. Denial is a helluva drug.

  • Reply 188 of 330
    Quote:

    Originally Posted by cutykamu View Post

     

    try the new android door… the customization is too good and you can also select the door bells, sneak a peak from eyepiece with fish eye angle with some instagram filters (with some advertisements ofcourse), you can change the color of the doors and select many default themes.

     

    /s


    The android door has been discontinued for being too open.  SInce most purchasers did not want a "walled garden" they removed the "door" part of the android door and it's just a knob and a deadbolt that are both lying on the floor. Also the Keylime keys don't work with the Jellybean keys and the kitkat keys melt in your pocket. <img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />

  • Reply 189 of 330
    can they add another check for something like blood flow or heart beat

    the iWatch can do it
  • Reply 190 of 330
    Quote:

    Originally Posted by lkrupp View Post



    I can see the police or government agencies doing it but the common thief who lifts your iPhone on the street?

    Note, that if the phone is shut off of 48 hours have passed without unlocking, the phone will require the password to unlock. So, whoever takes the phone, they should be fast in unlocking. Apple should make the 48 hours period is configurable to say 4 hours to decrease the window of opportunity.

     

    Also, Touch ID actually allows the owner to set really long and strong password since they'll be using it rarely. At present I use a 4-digit passcode, for convenience. Once I get the 5s, I'm changing it with a password.

  • Reply 191 of 330
    capasicum wrote: »
    Note, that if the phone is shut off of 48 hours have passed without unlocking, the phone will require the password to unlock. So, whoever takes the phone, they should be fast in unlocking. Apple should make the 48 hours period is configurable to say 4 hours to decrease the window of opportunity.

    <span style="line-height:1.4em;">Also, Touch ID actually allows the owner to set really long and strong password since they'll be using it rarely. At present I use a 4-digit passcode, for </span>
    convenience<span style="line-height:1.4em;">. Once I get the 5s, I'm changing it with a password.</span>

    You can do that now. Go to passcode lock and change the Simple passcode to off. Now you can make an alphanumeric passcode.
  • Reply 192 of 330
    Quote:

    Originally Posted by HammerofTruth View Post





    You can do that now. Go to passcode lock and change the Simple passcode to off. Now you can make an alphanumeric passcode.

     

    I know how to do it, I've used a password for a few days, and it is pretty annoying entering 12+ symbols every time I need my phone.



    What I'm saying is that the Touch ID will allow me to have quick access while the actual password is strong enough.

  • Reply 193 of 330
    Quote:

    Originally Posted by Gatorguy View Post

     
    Quote:

    Originally Posted by JDW View Post



    I simply don't understand how this can be possible if one takes Apple's "sub-epidermal" statement at face value. Watch the following video on Apple's site, starting at 1:20...



    http://www.apple.com/iphone-5s/videos/#video-touch



    The way I understood it when presented at the keynote was that it reads the print on the surface of the skin as well as penetrating deeper into the skin to ensure the print could not be faked.



    I don't write this to attack Apple. I write this to know if any of you can explain in technical detail how Apple's sensor reads sub-epidermal details of one's finger.



    Or could this be a bug that prevents the sub-epidermal scan from taking place?



    Thanks.




    "Sub-dermal scanning" just refers to verifying the electrical activity that would be expected in live tissue. That way a plastic item or other "dead" object doesn't pass muster. If the CCC mock print isn't thin enough the electrical activity in the real finger underneath couldn't be read. That's the way I understand Authentec's tech anyway.

     

    From the publicly available information on Authentec's E-field scanning I would have to conclude that you have misunderstood the technology. If it works as presented then it is actually measuring electrical equipotentials between a conductive reference plane in the sensor and the RF-modulated non-planar (3-D) conductive target surface - the moist subdermal skin layer. As such it differs from regular capacitative scanning in that it does not even see the (relatively) non-conductive surface skin layer or the air gaps between ridges. To fool it would necessitate the creation of a conductive 3-D replica of the fingerprint, not just a 2-D image. I can't see any part of the asserted hack that satisfies that requirement, so it will be interesting to see if this proves to be real.

  • Reply 194 of 330
    OK,is it possible to return the new iPhone 5s to Apple until this hard issue is solved?

    I wish there were more people like you; they're all sold out at my end!
  • Reply 195 of 330

    So, at least now we have found a real-life purpose for the 20.something-Gaziilion-Pixel camera of this new Nokia-thingy....

  • Reply 196 of 330

    Does Find My iPhone work if the SIM has been removed? (And the phone is not within range of a trusted WIFI network)

  • Reply 197 of 330
    cpsrocpsro Posts: 2,929member

    The video shows clearly enough that the phone was trained to recognize only a single finger (the index finger) and that the middle finger was used to lift the fake print and unlock the phone.

    The video does not show how the fake print was created, which is key. The video also doesn't show that the person has a normal fingerprint on the index finger and, for instance, isn't wearing a fake piece of latex that is easily replicated.

  • Reply 198 of 330
    Touch ID verifies the fingerprint on the interior sub dermal layer and confirms the finger has a pulse. This is why the tech is great since it shouldn't work if your finger was cut off and should work even if the fingerprint was burned off with acid. It doesn't use the old method of reading the print off the outer skin layer like others do. This is why I call BS on the video since the user is testing with his living finger covered by a piece of paper. Instead if he can do it with the image attached to a stick then it would be proof of concept. Until then nice try but no soup for you :)
  • Reply 199 of 330
    Quote:

    Originally Posted by Ramrod View Post

     

     

    Oh really? So if you see a pattern left behind from oil, do you know where the patter started and what the order of the patter was? Didn't think so. You would know this if you actually used a pattern lock. And all it takes is an easy wipe to get rid of the oil pattern mark. Finger prints? Yeah go ahead and burn them off. lol. 

    Oh and what's your response to my point of having to constantly take gloves on and off just to unlock your phone? Everyone that went on an on about how much time you save with this lock, doesn't want to address the glove issue. Hmmm.....

    Denial is a helluva drug.


     

    Try this for an exercise: Put a pen on a paper, then make whatever pattern you like without lifting the pen. How many possibilities are there to trace the original pattern? Usually two, since the start and the end of the pattern are obvious. If you use backtrace, it will become harder, but far from impossible to guess.

     

    Now, easy wipe will solve the issue. And will solve the issue with the fingerprint sensor as the thief will have no way to lift your prints from the phone.

  • Reply 200 of 330

    All those claiming that fingerprint ID security is OK are missing the point.

     

    It is not safe and it certainly isn't extremely safe as Apple did say. Period.

     

    I guess I can stick with my good ole 4s (it's working blazingly fast under iOS7. Best upgrade ever)

Sign In or Register to comment.