+ Reply
Page 1 of 2 12 LastLast
Results 1 to 20 of 30

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Apple's Touch ID System Bypassed by Hacker Group in Germany

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
...
  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    3,752
    Thanks
    3
    Thanked 117 Times in 103 Posts

    Default Apple's Touch ID System Bypassed by Hacker Group in Germany


    A hacker group in Germany claims to have defeated Apple’s new Touch ID biometric security system by using a modified fingerprint lifting and “fake finger” creation technique. According to a detailed walkthrough of the bypass provided by the group’s biometric hacking team, the iPhone 5S’ Touch ID hardware is, in effect, merely a higher resolution version of existing sensors. This means the system can be defeated using common fingerprint lifting techniques, although it should be noted that this needs to be done at a more refined level. The bypass is demonstrated in the short video below:



    The system is detailed in a method which requires obtaining the original user’s fingerprint. The following was said regarding the method:

    First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
    For those of you who didn’t know, Apple’s new iPhone 5S includes a fingerprint sensor called Touch ID, which can be used to unlock the iPhone as well as make purchases on the Apple iTunes store. Users however can continue to use a pin or password as an alternative to the fingerprint sensor, though this is arguably even less secure than duplicating someone’s fingerprint.

    CCC spokesman Frank Reiger said the following regarding the whole ordeal:

    We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token. The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.
    Source: Chaos Computer Club

    Twitter: @AkshayMasand

  2. #2
    Livin the iPhone Life
    Join Date
    Aug 2010
    Posts
    2,182
    Thanks
    5,138
    Thanked 1,434 Times in 683 Posts

    The process to hack the fingerprint sensor is absurd. Might as well cut off the persons finger

  3. #3
    Green Apple
    Join Date
    May 2012
    Posts
    91
    Thanks
    0
    Thanked 11 Times in 10 Posts

    Um, so who's to say they didn't register that finger before hand and the sensor was detecting it through the clear plastic? It's supposed to be reading the live dermis layer under the dead epidermis layer. This video doesn't prove anything to me so far.

  4. #4
    iPhone? More like MyPhone
    Join Date
    Oct 2009
    Posts
    157
    Thanks
    11
    Thanked 12 Times in 9 Posts

    Not to take anything away from the group and the hard work they put into this, but your average iPhone thief is not going to have the time or ability to follow you around and hope you touch something so that he/she can lift your fingerprint and make a wax finger. Your average thief is looking to make a quick buck. Not to mention, who is to say that the iphone owner used his index finger or thumb for Touch ID? Maybe he used his pinky on his non dominant hand?

  5. #5
    iPhone? More like MyPhone ThatOneProfile's Avatar
    Join Date
    Jan 2013
    Posts
    282
    Thanks
    46
    Thanked 31 Times in 24 Posts

    You can unlock their phone? Congrats. But when I track you via find my iPhone (because you can't disable that with a fingerprint) I'll keep in mind you went the extra mile to lift my print and steal my phone.

  6. #6
    What's Jailbreak?
    Join Date
    Dec 2008
    Posts
    24
    Thanks
    2
    Thanked 1 Time in 1 Post
    Not to mention how easy it is to look while someone types there code in. The fingerprint idea still serves the purpose it was intended to do. Everyone likes to nitpick everything apple does but u don't hear about any one trying to hack an S4 which I'm sure is as easy as an iPhone.

  7. #7
    What's Jailbreak?
    Join Date
    Jul 2010
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by ThatOneProfile View Post
    You can unlock their phone? Congrats. But when I track you via find my iPhone (because you can't disable that with a fingerprint) I'll keep in mind you went the extra mile to lift my print and steal my phone.
    I guarantee there is ppl out there trying to crack that also. I hope it's not possible.

  8. The Following User Says Thank You to Beeb For This Useful Post:

    iH85CH001 (09-25-2013)

  9. #8
    Green Apple
    Join Date
    Mar 2011
    Posts
    71
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by GhStRdR2k View Post
    Not to take anything away from the group and the hard work they put into this, but your average iPhone thief is not going to have the time or ability to follow you around and hope you touch something so that he/she can lift your fingerprint and make a wax finger. Your average thief is looking to make a quick buck. Not to mention, who is to say that the iphone owner used his index finger or thumb for Touch ID? Maybe he used his pinky on his non dominant hand?
    This.

  10. #9
    My iPhone is a Part of Me PokemonDesigner's Avatar
    Join Date
    Dec 2010
    Posts
    586
    Thanks
    171
    Thanked 59 Times in 41 Posts

    Honestly. Who gives a s***? That's way too much work for a person. If they really want in they'll just restore as new. Easy as that.

  11. The Following User Says Thank You to PokemonDesigner For This Useful Post:

    iH85CH001 (09-25-2013)

  12. #10
    iPhone? More like MyPhone ThatOneProfile's Avatar
    Join Date
    Jan 2013
    Posts
    282
    Thanks
    46
    Thanked 31 Times in 24 Posts

    Restoring at all requires find my iPhone to be off. That is only possible with your apple id password.

  13. #11
    My iPhone is a Part of Me politicalslug's Avatar
    Join Date
    Sep 2007
    Location
    Woodland Hills, CA + Santa Cruz, CA
    Posts
    579
    Thanks
    13
    Thanked 109 Times in 73 Posts

    Between this and lock activation, I think Apple has effectively rendered the value of a stolen iPhone as nothing more than a pricey paperweight. The real question is how long will this take to trickle down to thieves and how many thieves will start incorporating "disable find my phone b-fo I smoke a fool" into their repertoire.
    They can have my jailbreak when they pry it from my cold dead fingers.

  14. #12
    Green Apple Adrian97c's Avatar
    Join Date
    Jan 2012
    Posts
    39
    Thanks
    0
    Thanked 16 Times in 8 Posts

    If somebody can "hack" my finger print (or hack entire finger off), then they can have all my data well deserved lol

  15. #13
    Green Apple Brick James's Avatar
    Join Date
    Mar 2009
    Location
    Savannah, GA.
    Posts
    90
    Thanks
    9
    Thanked 22 Times in 13 Posts

    Quote Originally Posted by GhStRdR2k View Post
    Not to take anything away from the group and the hard work they put into this, but your average iPhone thief is not going to have the time or ability to follow you around and hope you touch something so that he/she can lift your fingerprint and make a wax finger. Your average thief is looking to make a quick buck. Not to mention, who is to say that the iphone owner used his index finger or thumb for Touch ID? Maybe he used his pinky on his non dominant hand?
    Agreed
    If you need help, drop me a message.

  16. #14
    iPhone? More like MyPhone ThatOneProfile's Avatar
    Join Date
    Jan 2013
    Posts
    282
    Thanks
    46
    Thanked 31 Times in 24 Posts

    Quote Originally Posted by charliebee View Post
    This.
    It will happen regardless. By developers or thieves. Either or, apple will update their software and everyone will be back at square one. Apple wanted to take the incentive away from criminals. They did a good job of this with the 5s and iOS7.

  17. #15
    Green Apple
    Join Date
    Jul 2013
    Posts
    47
    Thanks
    1
    Thanked 9 Times in 9 Posts

    Well the winner of the 16k worth of booze, an iPhone 5c and porn is a group of germans and they USED A TRANSPARENT PIECE OF PLASTIC!!!!!!!!!!!!!!1

  18. #16
    iPhone? More like MyPhone Hillefied's Avatar
    Join Date
    Sep 2011
    Posts
    166
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Default Absurdity in the Details
    The idea, technology, and implementation of TouchID is extremely impressive for consumer electronics. Other personal computing technologies such as notebooks used fingerprint scanners to secure the device, but nothing as intricate and revolutionary as hardware based security on one the most mobile technologies in the world.

    Having said that, yes, these "hackers" found a way to supposedly circumvent this technology, but not by hacking and using more ingenuity than most thieves would find irrevocably useless in that line of criminal activity. One could argue that a thief's best and worst friend is time. The less time it takes to steal, the less time to get caught.

    My fear was the hardware protocol being secure enough to protect the data used to store and implement fingerprints. I would want peace-of-mind knowing that the information is three things: 1. Exceedingly improbable to access, 2. Secured by more than the standard encryption, and 3. If all else, the data, if miraculously retrieved, could not be reversed engineered (or at the very least, make it nearly impossible and not worth it).

    As with most technology, there may be security geniuses testing those three variables to circumvent TouchID, but I'd like to think that they are testing vulnerabilities in order to help protect the consumers. Lofty? Yes. But we can hold onto hope.

  19. #17
    Green Apple
    Join Date
    Jan 2009
    Location
    London, UK
    Posts
    72
    Thanks
    4
    Thanked 4 Times in 3 Posts

    I'm going to scan my big toe, good luck trying to get a photograph of that!

  20. #18
    What's Jailbreak?
    Join Date
    Oct 2007
    Posts
    23
    Thanks
    0
    Thanked 5 Times in 3 Posts

    this guys got the major case of the shakes.. maybe he should go easy on the crack..

  21. #19
    iPhoneaholic
    Join Date
    Apr 2008
    Posts
    388
    Thanks
    0
    Thanked 51 Times in 40 Posts

    Quote Originally Posted by LaddersRCool View Post
    Well the winner of the 16k worth of booze, an iPhone 5c and porn is a group of germans and they USED A TRANSPARENT PIECE OF PLASTIC!!!!!!!!!!!!!!1
    I think that prize was to successfully pull the fingerprint data off the phone, not to circumvent the fingerprint scanner.

  22. #20
    My iPhone is a Part of Me
    Join Date
    Jan 2012
    Posts
    643
    Thanks
    2
    Thanked 88 Times in 70 Posts

    Quote Originally Posted by PokemonDesigner View Post
    Honestly. Who gives a s***? That's way too much work for a person. If they really want in they'll just restore as new. Easy as that.
    You can't just restore a phone anymore. Apple has taken security seriously and you have to put in your Apple ID information to activate the phone again.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts