• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Apple's Touch ID System Bypassed by Hacker Group in Germany


    A hacker group in Germany claims to have defeated Apple’s new Touch ID biometric security system by using a modified fingerprint lifting and “fake finger” creation technique. According to a detailed walkthrough of the bypass provided by the group’s biometric hacking team, the iPhone 5S’ Touch ID hardware is, in effect, merely a higher resolution version of existing sensors. This means the system can be defeated using common fingerprint lifting techniques, although it should be noted that this needs to be done at a more refined level. The bypass is demonstrated in the short video below:



    The system is detailed in a method which requires obtaining the original user’s fingerprint. The following was said regarding the method:

    First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
    For those of you who didn’t know, Apple’s new iPhone 5S includes a fingerprint sensor called Touch ID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users however can continue to use a pin or password as an alternative to the fingerprint sensor, though this is arguably even less secure than duplicating someone’s fingerprint.

    CCC spokesman Frank Reiger said the following regarding the whole ordeal:

    We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token. The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.
    Source: Chaos Computer Club
    This article was originally published in forum thread: Apple's Touch ID System Bypassed by Hacker Group in Germany started by Akshay Masand View original post
    Comments 29 Comments
    1. nealh's Avatar
      nealh -
      The process to hack the fingerprint sensor is absurd. Might as well cut off the persons finger
    1. claustin's Avatar
      claustin -
      Um, so who's to say they didn't register that finger before hand and the sensor was detecting it through the clear plastic? It's supposed to be reading the live dermis layer under the dead epidermis layer. This video doesn't prove anything to me so far.
    1. GhStRdR2k's Avatar
      GhStRdR2k -
      Not to take anything away from the group and the hard work they put into this, but your average iPhone thief is not going to have the time or ability to follow you around and hope you touch something so that he/she can lift your fingerprint and make a wax finger. Your average thief is looking to make a quick buck. Not to mention, who is to say that the iphone owner used his index finger or thumb for Touch ID? Maybe he used his pinky on his non dominant hand?
    1. ThatOneProfile's Avatar
      ThatOneProfile -
      You can unlock their phone? Congrats. But when I track you via find my iPhone (because you can't disable that with a fingerprint) I'll keep in mind you went the extra mile to lift my print and steal my phone.
    1. bbongrip's Avatar
      bbongrip -
      Not to mention how easy it is to look while someone types there code in. The fingerprint idea still serves the purpose it was intended to do. Everyone likes to nitpick everything apple does but u don't hear about any one trying to hack an S4 which I'm sure is as easy as an iPhone.
    1. Beeb's Avatar
      Beeb -
      Quote Originally Posted by ThatOneProfile View Post
      You can unlock their phone? Congrats. But when I track you via find my iPhone (because you can't disable that with a fingerprint) I'll keep in mind you went the extra mile to lift my print and steal my phone.
      I guarantee there is ppl out there trying to crack that also. I hope it's not possible.
    1. charliebee's Avatar
      charliebee -
      Quote Originally Posted by GhStRdR2k View Post
      Not to take anything away from the group and the hard work they put into this, but your average iPhone thief is not going to have the time or ability to follow you around and hope you touch something so that he/she can lift your fingerprint and make a wax finger. Your average thief is looking to make a quick buck. Not to mention, who is to say that the iphone owner used his index finger or thumb for Touch ID? Maybe he used his pinky on his non dominant hand?
      This.
    1. PokemonDesigner's Avatar
      PokemonDesigner -
      Honestly. Who gives a s***? That's way too much work for a person. If they really want in they'll just restore as new. Easy as that.
    1. ThatOneProfile's Avatar
      ThatOneProfile -
      Restoring at all requires find my iPhone to be off. That is only possible with your apple id password.
    1. politicalslug's Avatar
      politicalslug -
      Between this and lock activation, I think Apple has effectively rendered the value of a stolen iPhone as nothing more than a pricey paperweight. The real question is how long will this take to trickle down to thieves and how many thieves will start incorporating "disable find my phone b-fo I smoke a fool" into their repertoire.
    1. Adrian97c's Avatar
      Adrian97c -
      If somebody can "hack" my finger print (or hack entire finger off), then they can have all my data well deserved lol
    1. Brick James's Avatar
      Brick James -
      Quote Originally Posted by GhStRdR2k View Post
      Not to take anything away from the group and the hard work they put into this, but your average iPhone thief is not going to have the time or ability to follow you around and hope you touch something so that he/she can lift your fingerprint and make a wax finger. Your average thief is looking to make a quick buck. Not to mention, who is to say that the iphone owner used his index finger or thumb for Touch ID? Maybe he used his pinky on his non dominant hand?
      Agreed
    1. ThatOneProfile's Avatar
      ThatOneProfile -
      Quote Originally Posted by charliebee View Post
      This.
      It will happen regardless. By developers or thieves. Either or, apple will update their software and everyone will be back at square one. Apple wanted to take the incentive away from criminals. They did a good job of this with the 5s and iOS7.
    1. LaddersRCool's Avatar
      LaddersRCool -
      Well the winner of the 16k worth of booze, an iPhone 5c and porn is a group of germans and they USED A TRANSPARENT PIECE OF PLASTIC!!!!!!!!!!!!!!1
    1. Hillefied's Avatar
      Hillefied -
      The idea, technology, and implementation of TouchID is extremely impressive for consumer electronics. Other personal computing technologies such as notebooks used fingerprint scanners to secure the device, but nothing as intricate and revolutionary as hardware based security on one the most mobile technologies in the world.

      Having said that, yes, these "hackers" found a way to supposedly circumvent this technology, but not by hacking and using more ingenuity than most thieves would find irrevocably useless in that line of criminal activity. One could argue that a thief's best and worst friend is time. The less time it takes to steal, the less time to get caught.

      My fear was the hardware protocol being secure enough to protect the data used to store and implement fingerprints. I would want peace-of-mind knowing that the information is three things: 1. Exceedingly improbable to access, 2. Secured by more than the standard encryption, and 3. If all else, the data, if miraculously retrieved, could not be reversed engineered (or at the very least, make it nearly impossible and not worth it).

      As with most technology, there may be security geniuses testing those three variables to circumvent TouchID, but I'd like to think that they are testing vulnerabilities in order to help protect the consumers. Lofty? Yes. But we can hold onto hope.
    1. recognition's Avatar
      recognition -
      I'm going to scan my big toe, good luck trying to get a photograph of that!
    1. smitty's Avatar
      smitty -
      this guys got the major case of the shakes.. maybe he should go easy on the crack..
    1. fleurya's Avatar
      fleurya -
      Quote Originally Posted by LaddersRCool View Post
      Well the winner of the 16k worth of booze, an iPhone 5c and porn is a group of germans and they USED A TRANSPARENT PIECE OF PLASTIC!!!!!!!!!!!!!!1
      I think that prize was to successfully pull the fingerprint data off the phone, not to circumvent the fingerprint scanner.
    1. Scotty Manley Silberhorn's Avatar
      Scotty Manley Silberhorn -
      Quote Originally Posted by PokemonDesigner View Post
      Honestly. Who gives a s***? That's way too much work for a person. If they really want in they'll just restore as new. Easy as that.
      You can't just restore a phone anymore. Apple has taken security seriously and you have to put in your Apple ID information to activate the phone again.
    1. tallnatt's Avatar
      tallnatt -
      Quote Originally Posted by nealh View Post
      The process to hack the fingerprint sensor is absurd. Might as well cut off the persons finger
      I think that they make it seem like it is some HACK or CRACK that is more absurd. A crack implies using some other "key" to other than the stored "key" to open the "lock". In this case the guys are just making a copy of the original "key" (nothing stored on the device or intercepted during a unlock transaction) and using that to open the "lock". As far as wear to get fingerprints from it seems to logical to think that the persons own iPhone would be loaded with their own fingerprints probably more so on the sides and back. Possible even the fingerprint sensor (but probably nothing clear due to the oleo-phobic coating).

      edit-
      After watching the video there are a few great clear fingerprints on the screen ripe for pulling.