Apple's Touch ID already bypassed with established 'fake finger' technique

1568101117

Comments

  • Reply 141 of 330
    gatorguygatorguy Posts: 23,302member
    jdw wrote: »
    I simply don't understand how this can be possible if one takes Apple's "sub-epidermal" statement at face value. Watch the following video on Apple's site, starting at 1:20...

    http://www.apple.com/iphone-5s/videos/#video-touch

    The way I understood it when presented at the keynote was that it reads the print on the surface of the skin as well as penetrating deeper into the skin to ensure the print could not be faked.

    I don't write this to attack Apple. I write this to know if any of you can explain in technical detail how Apple's sensor reads sub-epidermal details of one's finger.

    Or could this be a bug that prevents the sub-epidermal scan from taking place?

    Thanks.

    "Sub-dermal scanning" just refers to verifying the electrical activity that would be expected in live tissue. That way a plastic item or other "dead" object doesn't pass muster. If the CCC mock print isn't thin enough the electrical activity in the real finger underneath couldn't be read. That's the way I understand Authentec's tech anyway.
  • Reply 142 of 330

    I do not hold the keys to the US nuclear arsenal, but on my home screen I use a short convenient password. For more personal stuff, I use a longer password on an app lock. So for me, the fingerprint ID is just perfect.

  • Reply 143 of 330

    No technology is foolproof!  fact!!!    So eventually somehow someway somebody was going to beat it. However the good part is that its not easily defeated and Apple will most likely fix the flaw.

  • Reply 144 of 330
    Who knows if this is true. Those claims could be coming from Apple's competitors looking to spread fear. But screw that. There are bio metrics all over the effing place. I use a finger print reader to clock in and out from my job. Lenovo has one on their laptop. They are everywhere.
    So don't let this bs deter you from getting an iPhone 5s.
  • Reply 145 of 330
    gatorguygatorguy Posts: 23,302member
    It's really early morning in Germany so no reason for anyone to hang around waiting on CCC video IMO. If anyone wants to keep up with the latest and know the minute a video is submitted (or if) the two guys running the site and determining if there's a challenge winner are:
    https://twitter.com/ErrataRob
    https://twitter.com/nickdepetrillo

    May be a few hours before anything important is posted.
  • Reply 146 of 330
    malaxmalax Posts: 1,598member

    My kids know the 4-digit pin I use with my iPhone and my wife's pin.  How?  Because they are observant.  I could do the same thing with a colleague or a random dude on the subway.  Not consistently, but pretty easily.

     

    That's why the fingerprint reader is more secure than a pin (or pattern swipe).

     

    Could someone from the Impossible Mission team access my phone if I just use the fingerprint thing?  Probably.  Could my kids or office mates?  Probably not.  (But of course that's because they never take their gloves off ;-)

  • Reply 147 of 330

    I gotta say. This new IOS 7 has a crazy amount of lag. I have an iphone 5 (I keep it in perfect working order I am not a noob) and when I do screen rotation from landscape to portrait and vice-versa, there is a ton of lag. Everybody complains about android having lag, is there a way to fix this or is it gonna stay like this? It's pretty pathetic coming from a company that was pointing out that Android lags a lot.

  • Reply 148 of 330
    Hmmm,

    This seems to be fake.

    Apple have already explained that the Touch ID cannot be fooled by a 2-D image because the sub-epidermal image it creates is 3-D not 2-D.

    Yet these Germans are claiming that a 2-D image on a thin transparent film fooled the Touch ID sensor

    Also Apple say the Touch ID sensor cannot be fooled by a dead fingerprint because it will only read the sub-epidermal layers of a live finger.

    SO HOW DID THEY FAKE IT?

    It looks very simple.

    Notice how the same finger used teach Touch ID the fingerprint was then used to pick up a thin transparent film and put it on the sensor WITH THE LIVE FINGER on top of the thin transparent layer..

    It seems then that the Touch ID sensor, which uses capacitors and RF to see through the dead skin of a fingerprint to read the sub-epidermal layers to create the 3-D image, then looked THROUGH the thin transparent film at the SAME LIVE FINGERPRINT used to teach Touch ID the fingerprint pattern.

    In other words it was not reading the transparent film at all, but the real fingerprint touching the transparent film

    Let's see if I'm right. If I am how many millions of dollars do I get....LOL

    Any comments

    Look again, he uses his index finger to register the fingerprint and then he uses his middle finger to unlock it.
  • Reply 149 of 330
    What worries me is that Touch ID is being used to authenticate App Store purchases.
  • Reply 150 of 330
    Originally Posted by openminded View Post

    is there a way to fix this or is it gonna stay like this?

     

    Obviously it will remain this way. Apple has no intention of giving users a good experience.

     

     It's pretty pathetic coming from a company that was pointing out that Android lags a lot. 


     

    Almost makes you think that it’s something wrong with your device and not endemic of the OS, doesn’t it?

  • Reply 151 of 330
    lkrupp wrote: »
    Take yourself and your "This is not good for Apple" nonsense and jump off a bridge. Apple never said anything remotely indicating this was unbeatable. YOU and your ilk blew it up into something it wasn't. You tell me which is easier to hack, a 4 digit PIN or Touch ID. You tell me how ANY device is secure once someone has physical possession of it.  YOU tell me how your ex-wife or girlfriend is going to do this. YOU tell me how the common thief is going to accomplish this. It's a step UP from the PIN and not a gimmick. Lots of people run around with no lock code at all because they don't like punching numbers. Touch ID will let them have some real security because it's easy to use.

    I'll tell you what. When I get my iPhone 5s I'll let you have it and YOU into it hack it. And let's put some serious money up too. Otherwise shut up.
     
    Just go away and play with yourself.

    A significant other actually would have the easiest method to unlock it. All they need do is place the phone on the finger of a sleeping user.
  • Reply 152 of 330
    again i believe we all love apple or at least admire it in some way - in the case of those who come here just to nay it. in any case humanity comes first (if there ever was any doubt this is in question) and given the snowden sharings like prism and such, i believe that we should focus more on the fact that, if biometrics here r clearly not something safe, then the hackers must have a point.. and if it isnt us saying something, no one will.. all apple lovers and even steve jobs admirers will always save the company and vision first and foremost by primarily upholding freedom.. peace.
  • Reply 153 of 330
    Wouldn't it be nice if Apple allowed for a user to enter a bogus finger scan (Think left index finger instead of right index finger etc.) that if entered it would wipe the phone. Or two finger authentication. If you pick the wrong two or wrong sequence it would wipe the phone.
  • Reply 154 of 330

    I do think it could be planned better than that. If I wanted to gain access to someone's email, Facebook or buy things on iTunes, etc. here's what could be done - would be easy for a work colleague/spouse/etc.:

    1. Get the fingerprint (I'm guessing it's going to be the thumb for 90% of people) from a glass or something else.

    2. Prepare the fake print (taking all the time you need)

    3. Then at an opportune moment (going to the restroom at a restaurant, a meeting at work, at a bar, etc.)

    4. Then quickly grab the phone - get what you need in a matter of seconds - then put the phone back.

     

    I'm an Apple fan, and maybe there's a flaw in what I've outlined... but it would be good to know whether or not this could be done in a relatively easy way. Of course there has to be motive and effort... but a scheming spouse, work colleague, etc. could do it and you wouldn't even know!! It would be hard to find out also.

     

    I will be using it - I generally never leave my phone unattended (except for charging at night). But I would like to know if it's possible this way.

  • Reply 155 of 330
    Quote:

    Originally Posted by Rogifan View Post



    Let me guess...this CCC outfit as an agenda and will use Apple to further it.

     

    No.  At least not what you imply.  CCC has been around for 20 years or longer, and does what it claims - hacking.  When IE came out, they went on national TV to show bank funds transferred from one account to another, without anything showing on the screen.

     


    They hack things.  This is hackable, so they hacked it.
  • Reply 156 of 330
    I don't see the system fooled according what i see in the video. If i'm not wrong, the system works using sub-epidermic skin layer then basically they just put another layer of death skin but are still using the SAME finger they register, then they are not showing anything different to a thicker epidermic skin been used. If they change the finger or shows another hand, well that's truly a proof. Any other way is just get traffic to your youtube video fooling readers with sensationalist titles . Let me clarify, i'm not against they break the system, just look that they dont get it yet. Anyway even if they show another video with different hands accessing a unique fingerprint i believe the system is still good enough to replace password in a daily basis.
  • Reply 157 of 330
    Quote:

    Originally Posted by ruckerz View Post



    What worries me is that Touch ID is being used to authenticate App Store purchases.

     

    Yes, nothing scares me more than someone who can obtain my fingerprints, create a good copy to fool Touch Id, steal my iphone and... purchase a dozen of $0.99 apps

  • Reply 158 of 330
    Quote:

    Originally Posted by Wovel View Post

     
    Quote:

    Originally Posted by Ramrod View Post

     
    Quote:

    Originally Posted by Slurpy View Post



     



    There's so many falsities in your moronic, mindless troll post, that one does not know where to start. 

    "Best and easiest"? Really? Easier than leaving my finger on the home button for a fraction of a second after clicking it? How the **** does that NOT improve user experience? Do you even know what that word means? Touch ID will be used hundreds of times a day by hundreds of millions of people. That does not qualify as a "gimmick". 

    Better quality screen? Scientific tests have shown that the iPhone 5/5s screen is literally the best in the industry, by a dozen or so metrics. Larger? Thats simply your personal preference. 

     

    The only gimmick is your post, which is asinine on so many levels. I have a Nexus 4. No, the pattern unlock is not the be-all-and-end-all of security. After getting used to touch ID, it seems like an obsolete, stone-age hassle. 




    Again, what about the gloves in the winter time? Yeah, didn't think you cared to address that issue. Hmm.....




    Unless you are one if the 10 people to buy capacitive gloves, your taking one off anyway...

     

    My thought exactly. How many people actually buy gloves specifically to work with cell phones? The vast majority of customers have to take them off to use code unlock and operate the phone anyway, so this is a completely manufactured spurious concern.

  • Reply 159 of 330
    Quote:
    Originally Posted by Odinsdad View Post



    Wouldn't it be nice if Apple allowed for a user to enter a bogus finger scan (Think left index finger instead of right index finger etc.) that if entered it would wipe the phone. Or two finger authentication. If you pick the wrong two or wrong sequence it would wipe the phone.

     

    That's potentially a cool idea, though I suppose it would be pretty easily defeated once somebody saw you use the Touch ID even once. But it's better than ideas that would wipe the phone with a wrong fingerprint (since even a muddy or sweaty finger can already confuse the sensor). 

  • Reply 160 of 330
    malaxmalax Posts: 1,598member
    Quote:
    Originally Posted by pan101 View Post

     

    I do think it could be planned better than that. If I wanted to gain access to someone's email, Facebook or buy things on iTunes, etc. here's what could be done - would be easy for a work colleague/spouse/etc.:

    1. Get the fingerprint (I'm guessing it's going to be the thumb for 90% of people) from a glass or something else.

    2. Prepare the fake print (taking all the time you need)

    3. Then at an opportune moment (going to the restroom at a restaurant, a meeting at work, at a bar, etc.)

    4. Then quickly grab the phone - get what you need in a matter of seconds - then put the phone back.

     

    I'm an Apple fan, and maybe there's a flaw in what I've outlined... but it would be good to know whether or not this could be done in a relatively easy way. Of course there has to be motive and effort... but a scheming spouse, work colleague, etc. could do it and you wouldn't even know!! It would be hard to find out also.

     

    I will be using it - I generally never leave my phone unattended (except for charging at night). But I would like to know if it's possible this way.


     

    The flaws are in steps 2 and 3.  First off, step 2 takes a ton of work and maybe you screw it up.  Then, more importantly, WTF leaves their phone behind when they go to the restroom?  Personally, I like to put my wallet, car keys, AND phone on the bar and leave them behind just to demonstrate my faith in humanity,

Sign In or Register to comment.