Apple's Touch ID already bypassed with established 'fake finger' technique

18911131417

Comments

  • Reply 201 of 330
    malax wrote: »
    Then, more importantly, WTF leaves their phone behind when they go to the restroom?
    Usually only Apple engineers field testing new iPhones right before the product launch. I hear people will pay good money for such items.
  • Reply 202 of 330
    marcel655 wrote: »
    Fingerprint anything is stupid anyways, much easier to unlock your phone by placing you handcuffed fingers on the sensor than to force you to surrender your password.
    Wouldn't that be "fingercuffed fingers"?
  • Reply 203 of 330
    muppetrymuppetry Posts: 3,331member
    blitz1 wrote: »
    All those claiming that fingerprint ID security is OK are missing the point.

    It is not safe and it certainly isn't extremely safe as Apple did say. Period.

    I guess I can stick with my good ole 4s (it's working blazingly fast under iOS7. Best upgrade ever)

    Actually I think that you are missing the point - namely that it is both more convenient and more secure than the regular 4-digit pin that users currently employ (if they employ anything at all).

    Whether it proves to be secure enough to be trusted to handle authentication for financial transactions remains to be seen, but since that should generally be at least 2-step authentication, it doesn't seem unreasonable to imagine that it might replace one of those steps.
  • Reply 204 of 330
    I'm not worried about criminals being able to copy finger prints. The time to worry would be when hackers create a TouchID virus designed to extract the fingerprint information on all devices around the world, and then collect a database of fingerprints.
  • Reply 205 of 330
    So don't give your phone the finger.
  • Reply 206 of 330
    So they have up to 48 hours from lifting a fingerprint of sufficiently high quality to produce the fake finger pad and they would need some fairly high tech equipment and materials by the sounds of things... That's pretty difficult. It's far easier to discretely watch or record (with hidden cameras) someone unlocking their device with a pass code or password so this technology is probably more secure than that.

    Apple said that up to 50% of people don't use a pass code at all because they find entering it all the time to be too tedious, and this technology is aimed at them. Then again, these are people that are posting intimate details of their lives on FaceBook or a complete life story on LinkedIn so I'm not sure security is their biggest concern anyway.

    This is no printgate. The bottom line is if you want something 100% secure don't record it in ANY form.
  • Reply 207 of 330
    Quote:

    Originally Posted by palegolas View Post



    I'm not worried about criminals being able to copy finger prints. The time to worry would be when hackers create a TouchID virus designed to extract the fingerprint information on all devices around the world, and then collect a database of fingerprints.

     

    Its storage is one way, see the Craig Federighi part:

    http://www.businessweek.com/articles/2013-09-19/studio-outtakes-from-apples-cook-ive-and-federighi

  • Reply 208 of 330

    I'm not buying this just yet. As others have pointed out, they could have enrolled their other finger being used. Then they put out a stupid video showing someone else doing it so that it is someone else's finger being used. That is pretty lame. I don't care who's finger they use, they should be showing the finger failing to unlock the phone a few times without the fake finger first. Showing any other finger being used with the fake finger doesn't mean anything unless we know it is not enrolled. 

  • Reply 209 of 330
     

     

  • Reply 210 of 330
    Quote:
    Originally Posted by the cool gut View Post

     

     

    You can't take "all the time you need"  if the phone goes 48 hours without being unlocked, the password kicks in.  Nevermind the fact the owner can always do a remote wipe as well. 


     

    I said that you get the fingerprint from a glass or mug or something else... not the phone!

  • Reply 211 of 330
    If I was James Bond or the POTUS I'd be dead scared someone could do this to my phone.

    As it is, the security risk is minimal.

    As for CCC's main worry about biometrics as an instrument of control, I'm pretty sure than anyone in the EU who has obtained a passport in the last 5 years has facial biometrics on file with one or more governments, similarly any foreign traveller to the US has given their fingerprint data to the government there, and by implication their home government in many cases. You probably need to live in a shed in the woods to avoid such identification these days.
  • Reply 212 of 330
    Quote:

    Originally Posted by malax View Post

     

     

    The flaws are in steps 2 and 3.  First off, step 2 takes a ton of work and maybe you screw it up.  Then, more importantly, WTF leaves their phone behind when they go to the restroom?  Personally, I like to put my wallet, car keys, AND phone on the bar and leave them behind just to demonstrate my faith in humanity,


     

    I understand step 2 is not easy... but apparently doable (we'll see whether it's fake and/or difficult soon I hope). People go online to do complex tasks (like fixit.com etc.) and with a definite step-by-step approach, I'm sure people will try it.

     

    Regarding 'WTF leaves their phone behind when they go to the restroom'.... if you're at dinner with your wife, it looks weird that you take your phone when you go to the restroom when she's there at the table. I think most people at some point, leave their phone somewhere - especially after a few drinks. Work is another obvious place - at your desk, etc. Anyway it happens.

  • Reply 213 of 330
    droidftw wrote: »
    Anyone with a level head probably realized the TouchID system would be defeated in quick order. That said, it still may still prove to be an effective deterrent for crimes of opportunity (which I'd imagine most phone thefts are). Only time will tell.

    I assumed the NSA cracked it first but time will never tell that story.
  • Reply 214 of 330
    sflocalsflocal Posts: 5,820member
    Quote:
    Originally Posted by Ramrod View Post

     

     

    Haha, what tool you are. Typical Apple apologist. Grow a pair and start thinking for yourself otherwise leave. You see, other phones like the Lumia 920 or GS4 would allow you to use your phone with your gloves on. How any fool wouldn't welcome this feature says a lot for their inability to think logically.  But hey, keep fighting the good fight. Denial is a helluva drug.


     

    Getting a little feisty?  Where in my post did I mention that I wouldn't welcome this feature?  Where did I specifically say that?  Spinning your agenda again?



    I would welcome anything that makes my life easier.  Who wouldn't?  However, the difference between you and me is that my expectations are in what most of us call "reality".  The tech is not here now in a reliable fashion, I accept it, I move on.  Perhaps the day will arrive, perhaps not.  I don't dwell on it.  You apparently do.  I have more important things in my life to concentrate on than bitching about why I have to spend 5 seconds to take my gloves off.  It's a TOUCH phone.  Blame Apple because it's easy for people like you, instead of blaming the glove manufacturers.



    This tech is a first-step to other things.  It will mature.  What will most likely happen is Apple will kickstart it, make it mainstream, the competition copies it and suddenly trolls like you will make it sound like Apple had nothing to do with it, or it was the "obvious" thing to do.



    I'm a fully independent thinker, and not some delusional fanboy that apologizes for Apple.  I have my gripes with that company.  You have zero clue who I am or what I do.  What's really sad is someone like you who thinks has a pair, when in reality you're just swinging raisins from the comfort of your keyboard.
  • Reply 215 of 330
    mr omr o Posts: 1,046member

    What about having an eye scan using the FaceTime camera instead?

     

    This way apple could get rid of the home/fingerprint button?

  • Reply 216 of 330
    rayzrayz Posts: 814member
    Quote:

    Originally Posted by muppetry View Post

     

     

    From the publicly available information on Authentec's E-field scanning I would have to conclude that you have misunderstood the technology. If it works as presented then it is actually measuring electrical equipotentials between a conductive reference plane in the sensor and the RF-modulated non-planar (3-D) conductive target surface - the moist subdermal skin layer. As such it differs from regular capacitative scanning in that it does not even see the (relatively) non-conductive surface skin layer or the air gaps between ridges. To fool it would necessitate the creation of a conductive 3-D replica of the fingerprint, not just a 2-D image. I can't see any part of the asserted hack that satisfies that requirement, so it will be interesting to see if this proves to be real.


     

    Yes, this is the part that confused me. Given the way the touch id is supposed to work then I'm not sure how that can produce a successful reading, unless the part about reading the subdermal layer is simply to ensure that the finger is alive.

     


    While I'm sure that CCC is not making this up, I'm not that sure how relevant it is.


     


    To begin with, the equipment and effort required is beyond just about every casual  out most iPhone users will ever encounter.


     


    Secondly, this experiment suffers from the same problem that most of the these sensationalist demonstrations seem to exhibit: It relies on conditions that have to be rigged to work, assumptions on user behaviour, and no consideration to what happens after the exploit has been executed.


     


    Lifting a fingerprint from a glass or a window is great, but I'm not sure how many thieves are going to be following a user around to take his fingerprint. Lifting it from a stolen phone? I'd be surprised if you could lift a clean fingerprint from the button of any iPhone; the home button sees a lot of action, and any print on it will be pretty messy.  Could you lift a good one from the case? Possibly, though lots of fingerprints will overlap, others will be smudged through use and riding around in pockets. Still, that is possible.


     


    The experiment didn't state how long this whole process took. Judging from the write-up, I think someone would have ample time to wipe the phone before it could be cracked. 


     


    It also seems that a lot of folk are gleefully clapping their hands screaming, "Apple failz!" – but I'm not sure they have just yet. Seems to me that they have cautiously released this into the wild, limiting what you can do with it.  I guess folk could buy stuff from the Apple Store, but as far as I can tell, you still need to use your AppleId and password to change delivery addresses or make any other changes to the account that would be useful to a thief. 


     


    Chances are Apple will be looking carefully at this experiment and seeing how it plays out in the real world, and at the same time they'll be thinking about how to make it secure enough for online shopping without making the whole thing so inconvenient that folk won't want to use it. Perhaps they could require a second finger-print for monetary transactions: read finger1 and finger2 with no more than a two second gap. 


     


    As you say, it will be interesting to see how this plays out.
  • Reply 217 of 330
    rayzrayz Posts: 814member
    Quote:

    Originally Posted by mr O View Post

     

    What about having an eye scan using the FaceTime camera instead?

     

    This way apple could get rid of the home/fingerprint button?


     

    Apple is looking for a system that is convenient so folk have to use it. 

     

    So, to unlock my phone, I have to tap the screen to crank up the camera then stand perfectly still with the phone about an inch from my face while it takes the scan.

     

    I'm also not sure that the camera that the front camera is going to be good enough to make that work.

  • Reply 218 of 330
    rayzrayz Posts: 814member
    Quote:

    Originally Posted by Ramrod View Post

     

     

    Haha, what tool you are. Typical Apple apologist. Grow a pair and start thinking for yourself otherwise leave. You see, other phones like the Lumia 920 or GS4 would allow you to use your phone with your gloves on.


     

    Or rather than getting an inferior phone, I could just buy a different pair of gloves:

     

    http://www.macworld.com/article/1156543/touchscreen_gloves_review.html

  • Reply 219 of 330
    1983 wrote: »
    Cracked within a couple of days! This is not good for Apple, basically they've been promoting a security technology that it turns out, isn't all that secure! Their finger-print sensor now is nothing more than a convenient way for unlocking an iPhone. I really hope they can fix it (doubtful) because the haters are going to be all over this. This is something they should of looked into before purchasing AuthenTec in the first place. I remember at the time it was a rather rushed purchase - they maybe paying the price for that now. I wonder how Apple's damage control is going to handle this?

    Apple is touched by your concern for their image. /s
  • Reply 220 of 330

    Is it choice of administration of Appleisider to end up as a gossip site?

Sign In or Register to comment.