Apple's Touch ID already bypassed with established 'fake finger' technique


Comments

  • Reply 21 of 330
    OK, is it possible to return the new iPhone 5s to Apple until this hard issue is solved?
  • Reply 22 of 330

    corrections in spelling :

     

    This is a meaningless video. For this to be a verified crack of the Touch ID technology, the fake fingerprint should have been put on a person that wasn't the owner of the print. What verifiable means is there that the sensor didn't read THROUGH the fake fingerprint to the person's finger?



    Until that happens I call this busted.

  • Reply 23 of 330
    esoom Posts: 155 member

    Locks keep honest people honest.

     

    As a practical matter, this means nothing to virtually everyone.

  • Reply 24 of 330
    lkrupp Posts: 10,557 member
    Quote:
    Originally Posted by 1983 View Post



    Cracked within a couple of days! This is not good for Apple, basically they've been promoting a security technology that, it turns out, isn't secure! Their fingerprint sensor now is just a convenient gimmick for unlocking an iPhone. I really hope they can fix it (doubtful) because the haters are going to be all over this! This is something they should have looked into before purchasing AuthenTec in the first place! I remember at the time it was a rather rushed purchase - they may be paying the price for that now! I wonder how Apple's damage control is going to handle this?

     

    Take yourself and your "This is not good for Apple" nonsense and jump off a bridge. Apple never said anything remotely indicating this was unbeatable. YOU and your ilk blew it up into something it wasn't. You tell me which is easier to hack, a 4 digit PIN or Touch ID. You tell me how ANY device is secure once someone has physical possession of it.  YOU tell me how your ex-wife or girlfriend is going to do this. YOU tell me how the common thief is going to accomplish this. It's a step UP from the PIN and not a gimmick. Lots of people run around with no lock code at all because they don't like punching numbers. Touch ID will let them have some real security because it's easy to use.

     

    I'll tell you what. When I get my iPhone 5s I'll let you have it and YOU hack into it. And let's put some serious money up too. Otherwise shut up.

     


    Just go away and play with yourself.
  • Reply 25 of 330
    I'm sorry, but everyone is using the word "bypassed" to describe this "hack" and it is NOT that.

    "Already bypassed" implies an easy workaround.

    First, get the owner of a Touch ID locked phone to let you take a very high resolution (2400dpi) photo of the fingertip (containing the fingerprint) used to encode the lock.

    After that, go through a bunch of arcane steps involving 1200dpi scanners, and other "everyday" items only used by special industry professionals (you've got to get the set and the thickness just right), and finally, stick that onto your finger, moisten it with your breath...

    Oh wait, we forgot the other important part. ALSO get the phone from the person whose identity you're trying to steal or whatever.

    The contents of that phone would have to be awfully important and valuable. Doing this just to "steal" a handset sure isn't worth it.

    Finally, how is this method "news"? It's an old and established method for replicating fingerprints that can "fool" a fingerprint reader. This has never actually made fingerprint scanners any less secure.

    It's a barrier to entry that is more secure than a credit card in a wallet (or any other form of payment we currently use), that's for sure!

    But there's the key. It, like any other form of security or lock is not 100% unbreakable. It just provides a high enough level of security that overcoming it is an effort usually not worth the reward.

    Now, when someone illustrates one of those "tilt it this way, press that, hold the power button and move ten feet west, etc. and THEN you can bypass the fingerprint scanner" methods, THEN I'll agree it has been bypassed. Until then? Nah.

    The biggest plus for me with Touch ID, aside from being very secure, is that it's FAST. Nearly instant, 99.999% accurate scanning.

    Which should be plenty for 99.999% of people and applications, in my book.
  • Reply 26 of 330
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by ILM1997 View Post



    This is a meaningless video. For this to be a verified crack of the Touch ID technology, the fake fingerprint should have been put on a person that wasn't the owner of the print. What verifiable means is there that the sensor didn't read THROUGH the fake fingerprint to the person's finger?



    Until that happens I call this busted.

     

    The original article says a complete step by step video has been submitted by the CCC for verification.

  • Reply 27 of 330
    tzeshan Posts: 2,351 member

    I think TouchID requires a complete fingerprint. With an incomplete fingerprint the phone cannot be unlocked.

  • Reply 28 of 330
    jessi Posts: 302 member
    Notice how the headline states it as a fact but the article reveals it's a claim?

    Also, the method is not exactly convenient, and it doesn't undermine touchID's purpose, which is more convenient authentication, not some sort of ultra-secure perfect security method.
  • Reply 29 of 330
    gtr Posts: 3,231 member
    Okay, that's it.

    TouchID on the iPhone has failed!

    Everybody swap across to Android for security.

    ;)
  • Reply 30 of 330
    gatorguy wrote: »
    In a recent article Mr Cook commented on iPhones being used for secure payments. In that case it could be worth the effort.

    Please. Thieves can already get your CC data to commit fraud without having to go through the process of stealing a phone, bypassing its security, and then HOPING it might actually be set up for making payments (or that the phone's owner has a high enough credit limit to purchase something worthwhile). And that the phone wouldn't get locked before this took place.


    These guys won't get the $16,000 prize for being first. To win you have to show everything in your video from leaving the print on a glass or other object to lifting the print to producing the mold to unlocking the phone. When I see that then I might be impressed.

    For all we know these guys used a perfectly clean sheet of glass and had the person leave a perfect print (like getting fingerprinted as opposed to getting a print from an everyday item). And they might have had to repeat the process numerous times before they got a mold that worked. This is why the guys offering the reward require a complete video.


    Now that they described their process it should only be a day at most before someone collects the prize, right? Because it's so easy that anyone can do it, therefore that money is just waiting for someone to collect. /S
  • Reply 31 of 330
    1983 Posts: 1,225 member
    Quote:
    Originally Posted by lkrupp View Post

     

     

    Take yourself and your "This is not good for Apple" nonsense and jump off a bridge. Apple never said anything remotely indicating this was unbeatable. YOU and your ilk blew it up into something it wasn't. You tell me which is easier to hack, a 4 digit PIN or Touch ID. You tell me how ANY device is secure once someone has physical possession of it.  YOU tell me how your ex-wife or girlfriend is going to do this. YOU tell me how the common thief is going to accomplish this. It's a step UP from the PIN and not a gimmick.

     

    I'll tell you what. When I get my iPhone 5s I'll let you have it and YOU hack into it. And let's put some serious money up too. Otherwise shut up.

     


    Just go away and play with yourself.


     

    Just go somewhere and relax, you rude zealot! I'm not going anywhere, and while I'm an Apple fan, I'm not going to shut up when they make the occasional mistake.

  • Reply 32 of 330
    Quote:

    Originally Posted by tzeshan View Post

     

    I think TouchID requires a complete fingerprint. With an incomplete fingerprint the phone cannot be unlocked.


     

    Actually, I think the way Touch ID works is it samples portions of the fingerprint, and creates a pattern which alone would be equally unique as the fingerprint itself. You'd probably be right that it needs a full fingerprint to encode first. But what it "reads" each time is probably not a complete fingerprint, but the encoded "highlights".

     


    Now that there are over 7 billion humans on the planet, I'm wondering if it's not possible to have a pair of fingerprints so similar a scanner might not be able to tell them apart?


     


    Time will tell I guess...
  • Reply 33 of 330
    apple ][ Posts: 9,233 member

    Why not just hold a gun to somebody's head? Why bother with all of this nonsense?

  • Reply 34 of 330
    gatorguy Posts: 24,213 member

    These guys won't get the $16,000 prize for being first. To win you have to show everything in your video from leaving the print on a glass or other object to lifting the print to producing the mold to unlocking the phone. When I see that then I might be impressed.

    BTW, the guy offering the $10K is reneging. He was scamming from the get-go and was only after the publicity.
  • Reply 35 of 330
    hydr Posts: 146 member

    The finger vs pin isn't completely relevant, I don't use my pin to purchase stuff on the iTunes store.

     

    A bit disappointed it's been cracked, which also busts a few of Apple's "inside finger scan" promotions. I would like to hear Apple explain this.

     

    Still getting a 5S though.

  • Reply 36 of 330
    The guys offering the reward put up a notice about CCC on their site. I hope they don't accept an edited video - it needs to be a complete video of the entire process in real time. This is important as it shows just what's involved.
  • Reply 37 of 330
    rogifan Posts: 10,669 member
    1983 wrote: »
    Just go somewhere and relax, you rude zealot! I'm not going anywhere, and while I'm an Apple fan, I'm not going to shut up when they make the occasional mistake.
    No one has proven touch id is a mistake. All that's been proven is the Internet will run with anything if it might put Apple in a bad light.
  • Reply 38 of 330
    gatorguy Posts: 24,213 member
    Actually, I think the way Touch ID works is it samples portions of the fingerprint, and creates a pattern which alone would be equally unique as the fingerprint itself. You'd probably be right that it needs a full fingerprint to encode first. But what it "reads" each time is probably not a complete fingerprint, but the encoded "highlights".
     
    Now that there are over 7 billion humans on the planet, I'm wondering if it's not possible to have a pair of fingerprints so similar a scanner might not be able to tell them apart?
     
    Time will tell I guess...

    True. There's already been at least one guy using his nipple to unlock his 5s, and another who used his nose. Even a cat's paw presumably works.
  • Reply 39 of 330
    jungmark Posts: 6,926 member
    OK, is it possible to return the new iPhone 5s to Apple until this hard issue is solved?
    Or you can not use touch ID. Or a pass code 'cause that can be hacked/socially guessed.
  • Reply 40 of 330
    gatorguy Posts: 24,213 member
    The guys offering the reward put up a notice about CCC on their site. I hope they don't accept an edited video - it needs to be a complete video of the entire process in real time. This is important as it shows just what's involved.

    You can keep up with the status here from one of the two researchers who set up the challenge.
    https://twitter.com/nickdepetrillo