Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.
Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor
Also Apple say the Touch ID sensor cannot be fooled by a dead fingerprint because it will only read the sub-epidermal layers of a live finger.
SO HOW DID THEY FAKE IT?
It looks very simple.
Notice how the same finger used teach Touch ID the fingerprint was then used to pick up a thin transparent film and put it on the sensor WITH THE LIVE FINGER on top of the thin transparent layer..
It seems then that the Touch ID sensor, which uses capacitors and RF to see through the dead skin of a fingerprint to read the sub-epidermal layers to create the 3-D image, then looked THROUGH the thin transparent film at the SAME LIVE FINGERPRINT used to teach Touch ID the fingerprint pattern.
In other words it was not reading the transparent film at all, but the real fingerprint touching the transparent film
Let's see if I'm right. If I am how many millions of dollars do I get....LOL
No one has proven touch id is a mistake. All that's been proven is the Internet will run with anything if it might put Apple in a bad light.
Yeah, mistake is the wrong word. I was just initially taken aback by how quickly a bypass was found, and the rather traditional old-world way that bypass was carried out. The only thing new being the higher-resolution scans and printouts used.
Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.
Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor
Chaos Computer Club has been around for years and reportedly has a great rep in the security community. I doubt what they did was faked but anything is possible. With that said the rules for the bounty are pretty strict and CCC might not meet all of them. It takes a bit of time to do the requested video but I'd imagine there should be something more to go on within hours.
No one has proven touch id is a mistake. All that's been proven is the Internet will run with anything if it might put Apple in a bad light.
Yeah, mistake is the wrong word. I was just initially taken aback by how quickly a bypass was found, and the rather traditional old-world way that bypass was carried out. The only thing new being the higher-resolution scans and printouts used.
That seems to be the interesting aspect. Seems the Apple implementation is not significantly more resistant to hacking than any of the previous implementations. Still useful as a convenience, but hardly an innovative breakthrough.
These two bits in the article really undermine any pretence that AI is a balanced (or indeed sensible) publication:
"In addition, a would-be thief would need access to the iPhone itself after the fake is produced."
No kidding. But the same is true of getting past any security element - you to have a way to access a specific lock to pick it. Since we are talking about lock picking here, rather than getting around lock without opening it.
"Also not taken into account is Apple's Find My iPhone app, which allows a lost or stolen phone to be wiped remotely. This leaves the window for breaking into the 5s very small, and would likely thwart all but the most dedicated criminals."
What1?!? How about anyone who kept the iPhone it in a signal procf environment, or removed the SIM card, or .... Again Find My iPhone has no relevance to finger print security. It has relevance to overall iPhone security. The existance of Find My iPhone functionality will not deter anyone. The hastle of faking the print, that will deter casual people.
This group are talking about the use of finger prints as a security method in general. Regardless of device. They are not talking about the security of the iPhone (as a collection of elements or in comparison to anything else).
The article would be far more interesting and relevant without these two crackpot bits. Oh well, have to give up on AI for balance and sense....
Yeah, mistake is the wrong word. I was just initially taken aback by how quickly a bypass was found, and the rather traditional old-world way that bypass was carried out. The only thing new being the higher-resolution scans and printouts used.
Call me skeptical. We knew the minute Apple announced this someone would be rushing out there to 'hack' it and the first claim of hacking would be plastered all over the news. Until I see something from start to finish, unedited and then recreated by someone else its much ado about nothing.
The steps to do this requires that the thief go into a lot of trouble. I am sure those guys had fun making the perfect little prints to hack. In the real world, it wont be that easy to find a perfect print left by the user. In fact most people will fail to do all the necessary steps to end up with an unlock phone.
If this is a concern to you, use the back of you're finger, you wont left it on objets...
That seems to be the interesting aspect. Seems the Apple implementation is not significantly more resistant to hacking than any of the previous implementations. Still useful as a convenience, but hardly an innovative breakthrough.
On really? Seems to me there's a lot of rush to judgement based on one YouTube video.
Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.
Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor
Also Apple say the Touch ID sensor cannot be fooled by a dead fingerprint because it will only read the sub-epidermal layers of a live finger.
SO HOW DID THEY FAKE IT?
It looks very simple.
Notice how the same finger used teach Touch ID the fingerprint was then used to pick up a thin transparent film and put it on the sensor WITH THE LIVE FINGER on top of the thin transparent layer..
It seems then that the Touch ID sensor, which uses capacitors and RF to see through the dead skin of a fingerprint to read the sub-epidermal layers to create the 3-D image, then looked THROUGH the thin transparent film at the SAME LIVE FINGERPRINT used to teach Touch ID the fingerprint pattern.
In other words it was not reading the transparent film at all, but the real fingerprint touching the transparent film
Let's see if I'm right. If I am how many millions of dollars do I get....LOL
Any comments
I've looked at the video again and noticed that they appeared to have changed finger i.e. they claim to have taught Touch ID the index fingerprint and then used the second finger to pick up the transparent film and plce it on the sensor with the second finger pressing down on the Touch ID sensors.
But how do we know that they did not also teach the sensor the fingerprint on the second finger off camera?
Also why do they not show the iPhone 5S actuality responding and unlocking?
Let me first start out by bringing out the fact that this sensor DOES scan the sub epidermal layers of your skin(which means it scans multiple layers of your skin to ensure it's yours).
Keep that fact in mind..
Now, when watching the video, you can see the person obviously successfully registering his finger print(his index finger), and it works quite well and very fast.
Then look at the finger print he copied. Notice how he used the same print, from the same finger, on the same person? Interesting.. Let's see where this is going..
Now, the sensor works by detecting your finger touching the steel band, so it's capacitive. When he puts the paper on the sensor, it clearly does nothing, but when he puts the SAME finger that he used for the print.. It magically unlocks. Why?
The sensor is reading the print through multiple layers, it is merely treating the paper as another layer of skin, therefore, it unlocks.
Until I see this German folk do the same thing, with a different print copied, and use another different person who is using a different finger to "fake" this, I call BS.
I'm not as easily conned by them, and just for a side note, it seems all they're doing is scamming the people who are offering bounties for this. Being a computer club full of guys, imagine what they would buy $16k worth of..
Debunked, and I'll be using the sensor because so far, it has not been hacked/faked.
Chaos Computer Club has been around for years and reportedly has a great rep in the security community. I doubt what they did was faked but anything is possible. With that said the rules for the bounty are pretty strict and CCC might not meet all of them. It takes a bit of time to do the requested video but I'd imagine there should be something more to go on within hours.
There's a lot of money to be made from discrediting the Touch ID system..
Do you really think Apple would have tried and tested the simple method these Cahaos Computer Hackers claim to have used. Its a really obvious way to try to hacking in.
Also the video does not even show that they were actually successful....LOL
Still it meets the requirements of their paymasters - Look how this story has already attracted so many Apple denigrators. It is likely to run like wildfire for several days in the media - just like the false story that Samsung earned more from mobile than Apple
It seems this was a very controlled experiment with the sole purpose of getting headlines. They never actually got to the secure enclave that stores the hash so you can't really call this a hack can you?
There's a lot of money to be made from discrediting the Touch ID system..
$6K is hardly a lot of money. In case you missed it they found out yesterday that the guy offering the $10K was probably lying and today they pretty much proved it was just publicity. He had no intention of parting with several thousand, saying he's not that liquid.
Sorry, best and easiest way is the pattern unlock that android uses. Apple should have put more money towards a better user experience, bigger and better screen, and better hardware overall. The fingerprint lock is useless in winter. What a hassle to keep taking off gloves to unlock my phone. I like what Nokia and Samsung did with the touchscreens that work with gloves. Get on it Apple. Stop these stupid gimmicks.
I don't quite buy this claim either. It would be very difficult to replicate the 3D fingerprint from a cooperating person, certainly not from a 2D picture from a glass. However, even if it did happen, the sensor can be refined to be more strict to beat the hack.
I'm pretty sure I don't recall Apple ever saying it was uncrackable. But it sure does beat havin to enter a PIN or password away too often.
That is likely part of the reason why Apple wants you to also have a passcode and why they have the whole 48 hours etc. In the time it takes you to actually get the finger ready that timer may have triggered and then the finger is pointless if you don't have the passcode
"While the process is somewhat complex, the thinking behind it is straightforward. In this case, a high-resolution 2400 dpi photo of a user's fingerprint was harvested from a glass surface using graphite dust or cyanoacrylate (the main ingredient in Super Glue) and a camera. The resulting image was cleaned up and inverted with photo editing software, then laser printed at 1200 dpi onto a transparent sheet.
To create the fake fingerprint, pink latex milk or white wood glue is laid over the printout and allowed to set. Once cured, the dummy can be peeled off the transparency, breathed on to produce a thin layer of moisture, and applied to a finger. This will grant access to a Touch ID protected device, CCC claims. "
Yeah, because some random dude who swipes your phone has a good probability of doing all this shit, right? Of course touch ID is not 100% secure in 100% of situations. But form the standpoint of balancing convenience with security, its a shitload better than NOT having it.
Uh.. How exactly is a finger print unlock the best?
I can trace the exact pattern from any android phone/tablet because of human oil, and I have an Android phone which I've used the pattern unlock before.. Get off your high horse, it's a delusion.
Comments
This seems to be fake.
Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.
Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor
Also Apple say the Touch ID sensor cannot be fooled by a dead fingerprint because it will only read the sub-epidermal layers of a live finger.
SO HOW DID THEY FAKE IT?
It looks very simple.
Notice how the same finger used teach Touch ID the fingerprint was then used to pick up a thin transparent film and put it on the sensor WITH THE LIVE FINGER on top of the thin transparent layer..
It seems then that the Touch ID sensor, which uses capacitors and RF to see through the dead skin of a fingerprint to read the sub-epidermal layers to create the 3-D image, then looked THROUGH the thin transparent film at the SAME LIVE FINGERPRINT used to teach Touch ID the fingerprint pattern.
In other words it was not reading the transparent film at all, but the real fingerprint touching the transparent film
Let's see if I'm right. If I am how many millions of dollars do I get....LOL
Any comments
No one has proven touch id is a mistake. All that's been proven is the Internet will run with anything if it might put Apple in a bad light.
Yeah, mistake is the wrong word. I was just initially taken aback by how quickly a bypass was found, and the rather traditional old-world way that bypass was carried out. The only thing new being the higher-resolution scans and printouts used.
Chaos Computer Club has been around for years and reportedly has a great rep in the security community. I doubt what they did was faked but anything is possible. With that said the rules for the bounty are pretty strict and CCC might not meet all of them. It takes a bit of time to do the requested video but I'd imagine there should be something more to go on within hours.
No one has proven touch id is a mistake. All that's been proven is the Internet will run with anything if it might put Apple in a bad light.
Yeah, mistake is the wrong word. I was just initially taken aback by how quickly a bypass was found, and the rather traditional old-world way that bypass was carried out. The only thing new being the higher-resolution scans and printouts used.
That seems to be the interesting aspect. Seems the Apple implementation is not significantly more resistant to hacking than any of the previous implementations. Still useful as a convenience, but hardly an innovative breakthrough.
"In addition, a would-be thief would need access to the iPhone itself after the fake is produced."
No kidding. But the same is true of getting past any security element - you to have a way to access a specific lock to pick it. Since we are talking about lock picking here, rather than getting around lock without opening it.
"Also not taken into account is Apple's Find My iPhone app, which allows a lost or stolen phone to be wiped remotely. This leaves the window for breaking into the 5s very small, and would likely thwart all but the most dedicated criminals."
What1?!? How about anyone who kept the iPhone it in a signal procf environment, or removed the SIM card, or ....
Again Find My iPhone has no relevance to finger print security. It has relevance to overall iPhone security.
The existance of Find My iPhone functionality will not deter anyone. The hastle of faking the print, that will deter casual people.
This group are talking about the use of finger prints as a security method in general.
Regardless of device.
They are not talking about the security of the iPhone (as a collection of elements or in comparison to anything else).
The article would be far more interesting and relevant without these two crackpot bits.
Oh well, have to give up on AI for balance and sense....
If this is a concern to you, use the back of you're finger, you wont left it on objets...
Hmmm,
This seems to be fake.
Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.
Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor
Also Apple say the Touch ID sensor cannot be fooled by a dead fingerprint because it will only read the sub-epidermal layers of a live finger.
SO HOW DID THEY FAKE IT?
It looks very simple.
Notice how the same finger used teach Touch ID the fingerprint was then used to pick up a thin transparent film and put it on the sensor WITH THE LIVE FINGER on top of the thin transparent layer..
It seems then that the Touch ID sensor, which uses capacitors and RF to see through the dead skin of a fingerprint to read the sub-epidermal layers to create the 3-D image, then looked THROUGH the thin transparent film at the SAME LIVE FINGERPRINT used to teach Touch ID the fingerprint pattern.
In other words it was not reading the transparent film at all, but the real fingerprint touching the transparent film
Let's see if I'm right. If I am how many millions of dollars do I get....LOL
Any comments
I've looked at the video again and noticed that they appeared to have changed finger i.e. they claim to have taught Touch ID the index fingerprint and then used the second finger to pick up the transparent film and plce it on the sensor with the second finger pressing down on the Touch ID sensors.
Gather 'round children, gather 'round.
Watch me debunk this.
Let me first start out by bringing out the fact that this sensor DOES scan the sub epidermal layers of your skin(which means it scans multiple layers of your skin to ensure it's yours).
Keep that fact in mind..
Now, when watching the video, you can see the person obviously successfully registering his finger print(his index finger), and it works quite well and very fast.
Then look at the finger print he copied. Notice how he used the same print, from the same finger, on the same person? Interesting.. Let's see where this is going..
Now, the sensor works by detecting your finger touching the steel band, so it's capacitive. When he puts the paper on the sensor, it clearly does nothing, but when he puts the SAME finger that he used for the print.. It magically unlocks. Why?
The sensor is reading the print through multiple layers, it is merely treating the paper as another layer of skin, therefore, it unlocks.
Until I see this German folk do the same thing, with a different print copied, and use another different person who is using a different finger to "fake" this, I call BS.
I'm not as easily conned by them, and just for a side note, it seems all they're doing is scamming the people who are offering bounties for this. Being a computer club full of guys, imagine what they would buy $16k worth of..
Debunked, and I'll be using the sensor because so far, it has not been hacked/faked.
Chaos Computer Club has been around for years and reportedly has a great rep in the security community. I doubt what they did was faked but anything is possible. With that said the rules for the bounty are pretty strict and CCC might not meet all of them. It takes a bit of time to do the requested video but I'd imagine there should be something more to go on within hours.
There's a lot of money to be made from discrediting the Touch ID system..
I think TouchID requires a complete fingerprint. With an incomplete fingerprint the phone can not be unlocked.
Not true.
The denial around here is so thick you could carve it.
$6K is hardly a lot of money. In case you missed it they found out yesterday that the guy offering the $10K was probably lying and today they pretty much proved it was just publicity. He had no intention of parting with several thousand, saying he's not that liquid.
Sorry, best and easiest way is the pattern unlock that android uses. Apple should have put more money towards a better user experience, bigger and better screen, and better hardware overall. The fingerprint lock is useless in winter. What a hassle to keep taking off gloves to unlock my phone. I like what Nokia and Samsung did with the touchscreens that work with gloves. Get on it Apple. Stop these stupid gimmicks.
I don't quite buy this claim either. It would be very difficult to replicate the 3D fingerprint from a cooperating person, certainly not from a 2D picture from a glass. However, even if it did happen, the sensor can be refined to be more strict to beat the hack.
Time will tell.
I'm pretty sure I don't recall Apple ever saying it was uncrackable. But it sure does beat havin to enter a PIN or password away too often.
That is likely part of the reason why Apple wants you to also have a passcode and why they have the whole 48 hours etc. In the time it takes you to actually get the finger ready that timer may have triggered and then the finger is pointless if you don't have the passcode
How the **** is this news?
"While the process is somewhat complex, the thinking behind it is straightforward. In this case, a high-resolution 2400 dpi photo of a user's fingerprint was harvested from a glass surface using graphite dust or cyanoacrylate (the main ingredient in Super Glue) and a camera. The resulting image was cleaned up and inverted with photo editing software, then laser printed at 1200 dpi onto a transparent sheet.
To create the fake fingerprint, pink latex milk or white wood glue is laid over the printout and allowed to set. Once cured, the dummy can be peeled off the transparency, breathed on to produce a thin layer of moisture, and applied to a finger. This will grant access to a Touch ID protected device, CCC claims. "
Yeah, because some random dude who swipes your phone has a good probability of doing all this shit, right? Of course touch ID is not 100% secure in 100% of situations. But form the standpoint of balancing convenience with security, its a shitload better than NOT having it.
Uh.. How exactly is a finger print unlock the best?
I can trace the exact pattern from any android phone/tablet because of human oil, and I have an Android phone which I've used the pattern unlock before.. Get off your high horse, it's a delusion.