back to article Chaos Computer Club: iPhone 5S finger-sniffer COMPROMISED

Well, that lasted a long time: the Chaos Computer Club has already broken Apple's TouchID fingerprint lock, and warns owners against using biometric ID to protect their data. As the group explains here, it seems that the main advance in Cupertino's biometrics was that it uses a high resolution fingerprint scan. The post states …

COMMENTS

This topic is closed for new posts.

Page:

Holmes

Like some of the other comments, it's been done before, and has long since proved to be rather insecure. Besides, the Mythbusters team demonstrated this same fingerprint duplication technique in 2006. Not only that, it's been shown elsewhere, that a good (albeit short and very useable) regular password, offers more combinations than biometric fingerprints anyway.

Like I've said before, it's just not funny anymore...

5
0

Scamming biometric ID was practically institutionalized in Brazil and they got caught just this year. If people can cheat a piece of installed hardware at the hospital, where you, presumably, can't fiddle around with it for hours, doing it to a device in you tote around in your pocket should come as no surprise. Especially after all the hubbub in the media about how advanced it was.

http://www.telegraph.co.uk/news/worldnews/southamerica/brazil/9926151/Doctor-in-Brazil-used-fake-fingers-to-sign-in-absent-colleagues.html

2
0
Anonymous Coward

There are better readers

The issue is indeed that this is FP scamming for beginners - I think I still even have a copy of the original paper Tsutomu Matsumoto kindly sent me. There are much better FP scanners out there, but they are a lot more expensive.

0
0

Who wants to be the one to break it to the fapples?

There will be tears. There will be downvotes. What I doubt there will be is a let up in people transgrading.

3
4
Anonymous Coward

Re: Who wants to be the one to break it to the fapples?

Probably leave it to someone who, unlike you, doesn't randomly oscillate between throwing insults and pretending not to be a partisan: http://forums.theregister.co.uk/forum/containing/1962953

3
3

Re: Who wants to be the one to break it to the fapples?

Depends on my mood. I have days of sunshine and days of thinner, sure. Always post as my own username though not hide behind AC - I may be fickle but I'll be fickle to your face.

12
1
Anonymous Coward

Internet person in mood change shocker!

Because posting as AC is so brave

2
1
Anonymous Coward

Re: Who wants to be the one to break it to the fapples?

AC claiming that a single user is fickle? Ludicrous criticism when posting AC, think it through dimwit!

1
1

Back to the drawing board

This time maybe wear gloves.

0
0
rvt

I don't see how this is different to some devices that uses a image of your face to allow you into the system.

I think I would like to see a hack where they copied the fingerprint from any place other then the users finger itself to unlock the device. However, I fail to see why this is news worthy. This has been done in the way past

and will be done in future.

But we also have to think about the usecase, this is not to open a bank or your safe. THis is to unlock a phone! If you have more secure stuff on this, simply use the complicated passcode lock, the one that asks more then 4 digits and you are good, well better at least!

2
0

In the context of 2fa makes a heap of sense.

0
0
FAIL

Fingerprints, DNA...

it really doesn't matter - If someone can make it, you can bet someone can break it.

1
0
Stop

Erm...

I don't get the big deal, all Apple need to do is patent this as a fingerprint retrieval mechanism. Then anyone doing this will face stiffer punishment then the theft of the phone would incur anyway.

1
0
Silver badge

DMCA

Digit Metadata Copied Again

1
0
Anonymous Coward

Embedded RFIDs in your hand

Embed RFID under the skin on the owners hand.

User swipes finger to access

Phone reads RDFID + swipe

Access granted.

The future is here!

0
2

This post has been deleted by its author

Joke

Re: Embedded RFIDs in your hand

"Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, so that no one can buy or sell unless he has the mark"

Revelation 13:16-17

Is Steve planning his next big thing?

3
0
Silver badge

Re: Embedded RFIDs in your hand

Remotely cloneable at about 3m or more.

0
0
Anonymous Coward

Re: Embedded RFIDs in your hand

I prefer Llama 13:13-26

And lo, for the flying spaghetti monster doth say "for he with the jesus phone shall be loved by all"

1
0

Re: Embedded RFIDs in your hand

What version of the Bible did you quote that uses 'also' in that manner? Genuinely curious.

0
0

Re: Embedded RFIDs in your hand

NIV and ESV both start with "Also" the line goes on from "he gave the image the power to speak" (a prophesy about Siri perhaps?)

1
0
Silver badge
Trollface

Re: Embedded RFIDs in your hand

This is not the revelation you're looking for. It's based on Apple ID so if you don't have the mark then just borrow somebody else's.

0
0

Pinky?

Isn't the workaround for the 5s owner to unlock with their pinky or other alternative finger that they're not prodding their phone with? That removes this hack from the hands of your average thief.

0
0
Silver badge

Re: Pinky?

The biggest problem with any of the fingers is the fact that, where necessary, they can be easilly removed..... Think small knife and Yakuza.

0
0
Silver badge

Re: Pinky?

You really think a thief is going to cut off a finger? Given a choice between cutting off someone's finger and just holding the knife in front of them and saying "unlock your phone for me or I'll stab you" I think most thieves will choose the latter since it would be a much shorter sentence if you're caught.

5
0
Silver badge

Re: Pinky?

" I think most thieves will choose the latter since it would be a much shorter sentence if you're caught."

I am not convinced that thiefs bring the length of the sentence into the equation when they are stealing things. If they did they would not steal things .....as often..

0
0
Anonymous Coward

Re: Pinky?

"You really think a thief is going to cut off a finger? Given a choice between cutting off someone's finger and just holding the knife in front of them and saying "unlock your phone for me or I'll stab you" I think most thieves will choose the latter since it would be a much shorter sentence if you're caught."

The chinese are selling body parts to join the folly. We don't like in fairies and unicorns land! Just wait till you hear it on the news!

0
2

Re: Pinky?

I think if Apple went to finger vein technology instead people would be talking about it as if was genuinely innovative, it stops all that copying fingerprints and fingers cease to validate without a blood supply - they use it for cash machines.

0
0

Re: Pinky?

Even simpler, just use your other hand.

0
0
Silver badge

Re: Pinky?

DougS

"You really think a thief is going to cut off a finger?"

Does your car have a fingerprint reader? No? There's a reason they stopped installing them...

0
1

I suppose that is less messy than the pair of pliers I was planning to use of the Northern line this morning.

0
0
Joke

Security by obscurity

Use someone else's finger

4
0
Anonymous Coward

Re: Security by obscurity

Or sit on your own finger until it goes numb and you can pretend it's someone else's?

Or have I got the wrong forum....

7
0
Anonymous Coward

Re: Security by obscurity

Isn't the video just showing the reader's ability to see through the latex (or glue, or whatever it is) copy of the finger print into the real one? If they used a second person with the latex, that would be fair play.

3
3

Re: Security by obscurity

"Isn't the video just showing the reader's ability to see through the latex (or glue, or whatever it is) copy of the finger print into the real one? If they used a second person with the latex, that would be fair play."

No, not really. If the video was supposed to be a good demonstrator, the guy should have placed his middle finger on the sensor several times to indicate a negative; then apply the fake print and show that it is indicated positively. Not sure why anyone would miss such an obvious test. As it is, I wouldn't be at all surprised if a thin film applied to an already-registered finger was recognised.

2
0
Joke

Re: Security by obscurity

Or just scan some other unique bodily appendage instead. That alone might make a thief think otherwise when stealing the phone...

0
0

Re: Security by obscurity

Watch the video again. He uses his index finger to train the sensor, then his middle finger with the latex print. Even if it can see through the latex, it's going to see a different "real" fingerprint.

1
0
Anonymous Coward

Can we repeat all this slagging off

when the great god Samsung releases a phone with a similar feature?

Will the likes of BetFred open a book on how long it will that someone to crack their scanner?

Nah thought not.

0
5
Facepalm

Re: Can we repeat all this slagging off

We could slag off the low security of Samsungs face unlock feature.. but then again they tell you its low security, I suspect the same thing will happen when they bring out this feature.. a note will probably say medium security...

5
0
Meh

Re: Can we repeat all this slagging off

Also, can we go back to the iFans' answers to the claims that Moto had this on the Atrix a couple years ago. You know the ones about how it takes Apple to make one that actually works.

Turns out they were wrong again.

0
0
JDX
Gold badge

How easy is it REALLY to get your fingerprint from a phone?

The idea that a modern phone is a perfect fingerprint retrieval surface seems to make sense, but is it really? Maybe when your phone is new and clean, but what about after you've been touching it dozens of times a day? Won't the prints all be overlapping and smudged?

0
0

Re: How easy is it REALLY to get your fingerprint from a phone?

While I do agree... I don't know about you, but I tend to wipe my screen off rather frequently to keep it from being all smudged simply so I can actually see the thing. The rest of the thing is rather not-smooth thanks to the bumper case I've got.

0
0
Anonymous Coward

Re: How easy is it REALLY to get your fingerprint from a phone?

"The idea that a modern phone is a perfect fingerprint retrieval surface seems to make sense, but is it really? Maybe when your phone is new and clean, but what about after you've been touching it dozens of times a day? Won't the prints all be overlapping and smudged?"

Would this be the only means? No!

Its a major secuirity fail. Once again Apple prove they just copy another idea and try to implement it in a way the feeble minded think is cool. Huge increase in their bank balanace. Worked a treat so far.

1
3
JDX
Gold badge

Re: How easy is it REALLY to get your fingerprint from a phone?

The only means... no. By far the biggest.... yes. Someone nicks your phone and wants to be able to unlock it.

0
0

Re: How easy is it REALLY to get your fingerprint from a phone?

Fingerprinting doesn't work like in the movies. You almost never get a whole, clean, unsmudged print. If you've ever been arrested you know how hard it is for the police to print you successfully.

Fingerprint recognition works by matching a number of individual points, not the entire print; you don't need an entire print.

1
0
Silver badge
Pint

Re: How easy is it REALLY to get your fingerprint from a phone?

It just means that I will have to buy you a drink before I steal your phone and the glass.

0
0

Funny really ...

Well gee ... if someone had a 2400 dpi scan of my 12 digit password they could also gain access.

0
7

Re: Funny really ...

Do you involuntarily leave a retrievable (by whatever means) copy of your 12 digit password on every solid surface you touch?

Didn't think so.

7
0
JDX
Gold badge

Re: Funny really ...

So you think a burglar is going to follow someone around, waiting for them to discard an empty soft drink can, before fishing it out of the bin and then nicking their phone?

2
1

Re: Funny really ...

Nope.

But it's not like kids old enough to pull off a trick like this aren't interested in abusing mummy and daddys iTunes account.

Another interesting question is - does the iTunes section of iOS show the full card number of the card you use to buy things - including CSV - and have they allowed this to be accessible with single factor fingerprint?

I don't have a device here to confirm whether those details are present in plaintext or if it's hashed out to the last four numbers (as I'd expect) - can anyone have a deek at their iDevice and confirm/deny whether it shows the whole number once entered? Google Images is showing me nothing, natch...

Steven R

0
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2017