PDA

View Full Version : iPhone 5S Touch ID hacked by fake fingerprints !!!!!



TattooedMac
09-23-2013, 07:33 AM
iPhone 5S Touch ID hacked by fake fingerprints | CNET UK (http://crave.cnet.co.uk/mobiles/iphone-5s-touch-id-hacked-by-fake-fingerprints-50012308/)



"Fingerprints should not be used to secure anything," say the fast-fingered fakers. "You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

A bug in Apple's new iOS 7 software allows wrong'uns to bypass a locked screen, but software issues can at least be solved by future updates; hardware issues are more troublesome.

The new iPhone is supposed to be so secure that police officers in New York are handing out flyers outside subway stations recommending Apple-owning Gothamites to update to iOS 7 as soon as possible.

Hmmmmm

bobtomay
09-23-2013, 08:00 AM
Yeah, am sure we all knew someone would figure out how to get passed it.

Don't see how that helps out the pick pocket or those where it's only a matter of convenience that find a phone left behind somewhere.

Am pretty sure the local bartender is running out to grab a jar of graphite and a camera to keep behind the counter just waiting for someone to forget their phone - and which glass does this phone belong to?

Raz0rEdge
09-23-2013, 10:34 AM
Well this is a tad confusion since it isn't fake fingerprints that is bypassing the phones, but rather molds of your fingerprints that is doing it..

However, what is interesting is that the fingerprints you leave everywhere is essentially your surface print, but the sensor in the iPhone 5S (if you see the presentation and other media) indicate that the sensors goes deeper and the discerns the "inner" fingerprints for recognition.

You would think that this would be harder to replicate and thus the system is harder to circumvent..

MacInWin
09-23-2013, 10:34 AM
Yeah, it takes the cracker to have the phone and a very high resolution image of THAT finger. One thought, is it more secure if you use something other than the thumb or index finger?

In any event, it's like the keys to your car, they are there to keep honest people honest and to make you more secure than your neighbor. Not designed to keep the really dedicated crooks out.

fleurya
09-23-2013, 10:51 PM
Doesn't matter. It's probably still easier to crack one's passcode, which can still be used as an alternate to the finger print to unlock.

To me this is mostly a measure to bridge the gap between security and convenience. Many people, like me didn't care to punch in a code 100 gives a day, so we went without. This way my phone is more secure and actually easier to unlock than before without a passcode!

In any event, the biggest security improvement probably was the activation lock rather than the fingerprint reader. It'll berm ore of a deterrent to theives to go after easier targets if they know they can't simply wipe the software and sell it off.

danny842003
09-24-2013, 08:14 AM
So rather than cracking my passcode they just need to come around my house/workplace, lift a print. make a mould of it and hope they got the correct finger then use the mould on the finger print scanner.
Seems like a lot of effort to just access my facebook and text messages.

fleurya
09-24-2013, 09:05 AM
So rather than cracking my passcode they just need to come around my house/workplace, lift a print. make a mould of it and hope they got the correct finger then use the mould on the finger print scanner.
Seems like a lot of effort to just access my facebook and text messages.

Pretty much! People are saying they can lift the print off the phone, but as much as people handle their phones I think it would be pretty difficult to get a nice, clean print.

In reality, nobody is going to do this in real life to steal a phone.

Raz0rEdge
09-24-2013, 10:22 AM
Half of the security firms out there are in the business of compromising security for the sake of demonstrating that it can be done. Common sense tells you that not only do hackers need to get a clean print (and the right finger), they also need to access your device..and that's become more and more inseparable from the owners these days..:)

As a consumer, these kinds of stories should affirm that there is NO hack-proof security, but taking some suitable steps to protect yourself and your data is produent..

And @danny840023, while your phone might just have trivial data on there, a lot of people are loading up their phones with apps that access their bank and other vital pieces of data. So getting access to these phones is indeed a huge concern..

vansmith
09-24-2013, 12:11 PM
As a consumer, these kinds of stories should affirm that there is NO hack-proof security, but taking some suitable steps to protect yourself and your data is produent..This. Fingerprint scanners are not bullet proof just as activation lock isn't (it's a matter of time before it is cracked, not whether or not it will happen). I'm sure, with time, means of getting around it will become more common. This is certainly not a criticism of the inclusion since it's an interesting approach to securing the phone. However, it's best to remember (something that this "hack" does) that no security is ever going to be perfect on any device anywhere at any time.

I think the Ars assessment and suggestion is right (http://arstechnica.com/security/2013/09/defeating-apples-touch-id-its-easier-than-you-may-think/) - this would work well in concert with some other form of identification. If they can get the scan down to near zero time, this would be a nice complement to another form of authentication.

Raz0rEdge
09-24-2013, 12:16 PM
I think the Ars assessment and suggestion is right (http://arstechnica.com/security/2013/09/defeating-apples-touch-id-its-easier-than-you-may-think/) - this would work well in concert with some other form of identification. If they can get the scan down to near zero time, this would be a nice complement to another form of authentication.

How long before we have fingerprint, iris, and voiceprint security before we can unlock the phone?? :)

danny842003
09-24-2013, 01:20 PM
And @danny840023, while your phone might just have trivial data on there, a lot of people are loading up their phones with apps that access their bank and other vital pieces of data. So getting access to these phones is indeed a huge concern..

I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.

vansmith
09-24-2013, 02:01 PM
How long before we have fingerprint, iris, and voiceprint security before we can unlock the phone?? :)Give it time...


I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.Many apps make you enter a code and then, if still open, will accept input when switched back to. In other words, someone could access it if you had it open at some point and hadn't completely closed it.

TattooedMac
09-24-2013, 07:59 PM
I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.

My bank has like the web login a 2 stage login, for added security, and trust me, i have never ever been in too much of a hurry anytime to have to put in the 2 pieces of information to access that on my iPhone, iPad Mini or Mac. As well as that 1Password Browser, if i switch to another App and come back to it, I need to either re-enter my passphrase or the quick entry 4 digit pin to access it.
And 1Password 4 is going to be a doozie IMO. Its still beta stage but GM is only around the corner.

Lifeisabeach
09-26-2013, 12:28 AM
Pretty much! People are saying they can lift the print off the phone, but as much as people handle their phones I think it would be pretty difficult to get a nice, clean print.

In reality, nobody is going to do this in real life to steal a phone.

Exactly. Even if someone was planning to do that, in the time it'd take them to get to the point where they could have the fake fingerprint ready to go, you could have the blasted thing locked down with "Find my iPhone".

chas_m
09-26-2013, 05:56 AM
Okay, two things:

1. Actually reading what is ACTUALLY involved in this "hack" should make any rational person laugh out loud. If you think this is likely to happen to you, you have a screw loose (to be blunt). So until someone comes up with a PRACTICAL, REALISTIC way to break this that is easily repeatable and low-cost, I'd say your iPhone 5s is WAY more secure than any phone you've ever had in your life.

2. So. Much. Stupid. Misinformation. Not from you guys, but from the ignoramuses that write these articles.

The point of Touch ID is to reduce theft by encouraging people to be more proactive about iPhone security. That's pretty much it.

a. The fingerprint scan is entirely optional (and if you DO use it, it requires at least a four-digit passcode for backup/fallback). It doesn't get sent anywhere. Apple doesn't have it, third parties (even Apple developers) don't have it, the NSA doesn't have it. (the NSA already had your fingerprints long ago, that's another story altogether)

b. If the fingerprint scan is on and you don't use it to unlock the iPhone at least once within 48 hours, you'll need to enter the passcode to get back in. You can still set a simple or complex passcode as before, and use that if you prefer.

c. You can have no passcode or fingerprint scan if that's what you want. If you take your phone out in public, you're being a fool not to have at least a passcode AND Activation Lock IMHO, but it's your decision of course.

d. Fingerprints and any other security methods can conceivably be "hacked" (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point.

cradom
09-26-2013, 03:22 PM
Forget fingers. Just going to leave this here...
The iPhone 5S Fingerprint Scanner Works On Nipples, Too (http://www.huffingtonpost.com/2013/09/23/iphone-5s-fingerprint-scanner-nipples_n_3975522.html)

Exodist
09-29-2013, 10:24 AM
Yeah, it takes the cracker to have the phone and a very high resolution image of THAT finger. .
More then likely there is a nice figure print. More then likely the one that is also used to unlock the device already on the home button anyway.. Sprint little light powder on it and a piece of masking tape should let anyone in.. This isnt a how to.. this is just common sense..

SO if you want to keep it safe, dont make your unlock finger your thumb.. THUMB = DUMB
Use a finger that is not used to push the home button.


They should have had that 9 dot pass code thingy. Then again it would eventually were a path (scratches) out in the screen from repeated use.. :(

Lifeisabeach
09-29-2013, 05:40 PM
SO if you want to keep it safe, dont make your unlock finger your thumb.. THUMB = DUMB
Use a finger that is not used to push the home button.

Then I'm dumb. Look, as far as I'm concerned, if someone wants into my iPhone badly enough to lift my prints and make a fake fingerprint, then I have a much bigger problem at hand with WHY they want in that badly. I have no doubt that there are some people who may have information on their phone that "interested parties" may go to such lengths to get at. I'm not one of them... I'm a nobody. If it was just a casual thief who snagged it while not looking, I'd have it locked down with "Find my iPhone" before they even have time to lift a print, much less digitize in and print it.

danny842003
09-29-2013, 06:19 PM
Then I'm dumb. Look, as far as I'm concerned, if someone wants into my iPhone badly enough to lift my prints and make a fake fingerprint, then I have a much bigger problem at hand with WHY they want in that badly. I have no doubt that there are some people who may have information on their phone that "interested parties" may go to such lengths to get at. I'm not one of them... I'm a nobody. If it was just a casual thief who snagged it while not looking, I'd have it locked down with "Find my iPhone" before they even have time to lift a print, much less digitize in and print it.

Exactly just because it could be done, done not mean anyone is going to bother.

chas_m
09-29-2013, 08:24 PM
Since this appears to need repeating:

"Fingerprints and any other security methods can conceivably be 'hacked' (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point."

XJ-linux
09-29-2013, 09:02 PM
In another life, we use to joke about fingerprints and their supposed utility in security. Fingerprints are special in that they are unique to you and are tough to physically remove from your person - they follow you. However, there is nothing about them that makes them especially tough to copy or reproduce from a sample. Because they are tied to you, you leave samples of them everywhere and few people clean up all the samples they leave behind. It's still a cool convenience feature and something few snatch and grab jerks are going to exploit.
I'm boring as well and would probably have my phone remotely wiped within a few hours if it was swiped. I don't use it for banking or anything important. There is nothing stored on it of consequence other than my schedule and my family's addresses. My family all shoot competently and distrust strangers, so I'm not too worried.

vansmith
09-29-2013, 09:12 PM
I'd say your iPhone 5s is WAY more secure than any phone you've ever had in your life.No it's not (here (http://www.zdnet.com/iphones-most-vulnerable-among-smartphones-7000013129/), here (http://bgr.com/2013/03/26/iphone-security-software-vulnerabilities-ios-397421/)) and until there are definitive reports that any one platform is objectively more secure and less vulnerable than the others (has anyone does an objective study including iOS 7?), it's impossible to make this claim without any qualifications. The inclusion of a fingerprint scanner and activation lock only limited access at a hardware level and do nothing to plug the bugs at the software level.


Fingerprints and any other security methods can conceivably be "hacked" (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point.From a security standpoint, I can probably go along with this. From a position rooted in the realities of the iPhone's position in the (North American) market, not even close. Apple's continued mythologizing of the device and high level rhetoric about it's "purposefully imagined" existence and the inclusion of the "most advanced technology" (their words) only means that the allure is increased. Look at a typical university campus - no one is going to steal the ugly Lenovo machine on the desk if a Mac is there.

Lifeisabeach
09-29-2013, 10:44 PM
No it's not (here (http://www.zdnet.com/iphones-most-vulnerable-among-smartphones-7000013129/), here (http://bgr.com/2013/03/26/iphone-security-software-vulnerabilities-ios-397421/))

Seriously dude? SERIOUSLY? Your second link is just a gloss over of the first. Besides, what exactly are these "vulnerabilities" anyway? Just how are these actually being used? That article is big on claims, but does nothing to substantiate them. The comments on the ZDNET article call them out on it. I found this little gem from that article interesting:

"With Android devices, cybercriminals see less reason to look for vulnerabilities to penetrate smartphones, he added. Android's open platform already easily opens up for third party and malicious apps to be easily created for users to download, he explained."

Translation: Android is easily.... EASILY... compromised.


...and until there are definitive reports that any one platform is objectively more secure and less vulnerable than the others (has anyone does an objective study including iOS 7?), it's impossible to make this claim without any qualifications. The inclusion of a fingerprint scanner and activation lock only limited access at a hardware level and do nothing to plug the bugs at the software level.

Apple has already plugged the lockscreen bugs. No others exist that I have read of, though it may take time to discover more. Otherwise, there is no malware on iOS (short of a couple proofs of concepts). Android is riddled with it. Also, remind me again of how long it took iOS 6 to be jailbroken? A process that requires vulnerabilities? And where are they with iOS 7? And for comparison, perhaps you can elaborate on how hard it is (or not hard) to root Android?


From a security standpoint, I can probably go along with this. From a position rooted in the realities of the iPhone's position in the (North American) market, not even close. Apple's continued mythologizing of the device and high level rhetoric about it's "purposefully imagined" existence and the inclusion of the "most advanced technology" (their words) only means that the allure is increased. Look at a typical university campus - no one is going to steal the ugly Lenovo machine on the desk if a Mac is there.

If the Mac is worth more on the black market, then of course it will be more likely to get stolen. That has nothing to do with the security of the OS or the iPhone.

vansmith
09-29-2013, 11:16 PM
Seriously dude? SERIOUSLY? Your second link is just a gloss over of the first. Besides, what exactly are these "vulnerabilities" anyway? Just how are these actually being used? That article is big on claims, but does nothing to substantiate them. The comments on the ZDNET article call them out on it. I found this little gem from that article interesting:Well, seeing as how I'm not making the claim in the affirmative, I shouldn't have to provide any evidence. However, here's (http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html) a list of 302 common vulnerabilities and exposures in iOS.


"With Android devices, cybercriminals see less reason to look for vulnerabilities to penetrate smartphones, he added. Android's open platform already easily opens up for third party and malicious apps to be easily created for users to download, he explained." Translation: Android is easily.... EASILY... compromised.I never brought Android into this but I'm glad you did because this makes it really easy for me. Android has 29 common vulnerabilities and exposures compared to iOS' 302 (source (http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html)). At least numerically, you're wrong. At this point, I have to ask you: seriously? Unless you can prove that those are easier to hack, you might want to rethink your defensive tone. And, if you want to take up the claim that iOS is more secure than anything else, please provide some evidence. I'm also going to preempt the inevitable "Android is easy to hack" argument because not only is that irrelevant but, if you're going to make the claim that it's more secure than everything, provide evidence for everything.


Apple has already plugged the lockscreen bugs. No others exist that I have read of, though it may take time to discover more. Otherwise, there is no malware on iOS (short of a couple proofs of concepts). Android is riddled with it.Once again, I never brought up Android nor did I bring up malware. Malware does not equal vulnerabilities (my original argument). At no point did I say that Android was free of malware nor did I ever say that iOS was riddled with it.


Also, remind me again of how long it took iOS 6 to be jailbroken? A process that requires vulnerabilities? And where are they with iOS 7? And for comparison, perhaps you can elaborate on how hard it is (or not hard) to root Android?Equating rooting with jailbreaking is an invalid comparison since rooting is about gaining administrative privileges. What you've done here is effectively equated exploiting a vulnerability with getting the admin password for an account on a Mac. Here's (http://en.wikipedia.org/wiki/Android_rooting) something that explains your false comparison:
Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts. In the tightly-controlled iOS world, technical restrictions prevent (1) installing or booting into a modified or entirely new operating system (a "locked bootloader" prevents this), (2) sideloading unsigned applications onto the device, and (3) user-installed apps from having root privileges (and are run in a secure sandboxed environment). Bypassing all these restrictions together constitute the expansive term "jailbreaking" of Apple devices. That is, jailbreaking entails overcoming several types of iOS security features simultaneously. By contrast, only a minority of Android devices lock their bootloaders—and many vendors such as HTC, Sony, Asus and Google explicitly provide the ability to unlock devices, and even replace the operating system entirely.[2][3][4] Similarly, the ability to sideload apps is typically permissible on Android devices without root permissions. Thus, primarily the third aspect of iOS jailbreaking, relating to superuser privileges, correlates to Android rooting.

I don't actually care about the answer to the question of "what is most secure" because not only does the answer change day to day but being smart can make any platform secure. I have no vested interest in taking a side here but rather, I'm interested in trying to unsettle any complacency about the security of iOS (and any other platform if that comes up) because nothing is more secure than everything else at all times in every circumstance. iOS has holes and hiding behind a veil of "Android is weak" does nothing to address the problems that iOS has.

Lifeisabeach
09-29-2013, 11:35 PM
I don't actually care about the answer to the question of "what is most secure" because not only does the answer change day to day but being smart can make any platform secure. I have no vested interest in taking a side here but rather, I'm interested in trying to unsettle any complacency about the security of iOS (and any other platform if that comes up) because nothing is more secure than everything else at all times in every circumstance. iOS has holes and hiding behind a veil of "Android is weak" does nothing to address the problems that iOS has.

And yet, in day to day usage, how exactly are these reported iOS vulnerabilities being exploited? If the OS itself is fundamentally insecure, then WHY is it not being exploited? You are making claims and providing "proof" that it is insecure, yet no real world evidence that these supposed insecurities are being exploited, despite "'Apple's continued mythologizing of the device and high level rhetoric about it's 'purposefully imagined' existence and the inclusion of the 'most advanced technology' (their words) only means that the allure is increased.'"

chas_m
09-30-2013, 12:37 AM
Just gonna leave this here:

Feds: Overwhelming majority of mobile malware on Android | Electronista (http://www.electronista.com/articles/13/08/27/apples.ios.seen.to.have.07.percent.of.threats.targ eting.it/)

But ignoring the overall security argument for a minute, Van also seems to have ignored the very section I reposted a second time.

Sorry, dude, but you are NEVER going to convince me that an iPhone that has a complex passcode, Touch ID, Find My iPhone AND activation lock is less secure than a typical Android phone with a gesture lock and that's it.

The reason you're never going to convince is the same reason you're not going to convince me that the earth is flat in spite of the fact that I personally have never been in orbit. :)

vansmith
09-30-2013, 11:37 AM
And yet, in day to day usage, how exactly are these reported iOS vulnerabilities being exploited? If the OS itself is fundamentally insecure, then WHY is it not being exploited?What do you think jailbreaks are?


Just gonna leave this here:

Feds: Overwhelming majority of mobile malware on Android | Electronista (http://www.electronista.com/articles/13/08/27/apples.ios.seen.to.have.07.percent.of.threats.targ eting.it/)

But ignoring the overall security argument for a minute, Van also seems to have ignored the very section I reposted a second time.

Sorry, dude, but you are NEVER going to convince me that an iPhone that has a complex passcode, Touch ID, Find My iPhone AND activation lock is less secure than a typical Android phone with a gesture lock and that's it.
Did you read my post? I clearly said that I wasn't talking about malware...


The reason you're never going to convince is the same reason you're not going to convince me that the earth is flat in spite of the fact that I personally have never been in orbit. :)Saying that the Earth is flat is objectively wrong. Saying that iOS is, without question, more secure, is not. That's a false comparison.

As for your section:
"Fingerprints and any other security methods can conceivably be 'hacked' (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point."I highlighted the very important part of your own words. At no point did I say that anything was impervious to vulnerabilities nor did I ever make the claim that anything else was perfect. Indeed, the only thing companies can do is reduce the entry points for vulnerabilities and plug them when they appear. The same goes for any platform.

I don't understand the defensiveness in the responses here - I'm pointing out the realities of vulnerabilities (which keep getting conflated with either malware or passcode access, neither of which have anything to do with vulnerabilities by the way in and of themselves). I'm not trying to make the claim that any platform is better than any other (despite the repeated attempts to drag Android into the discussion). In fact, all I'm trying to do is shine a light on the reality of the existence of vulnerabilities. You can make the claim that they're not exploited but that's just silly. That's akin to walking into a room with people who have the flu and saying "I haven't taken my flu shot but I don't have the flu so everything is fine." If you want to take that approach, so be it. However, it would seem more prudent to realize the CVE realities of each platform we use, whether or not it's likely or not. As I mentioned above, they are used in the real world - this is how jailbreaks work (again, I'm not talking about malware).

At the base level, I agree that iOS is probably more secure in real world conditions but I'm not going to espouse perfection or a rhetoric of safety. As long as iOS has a long list of vulnerabilities (as with any other platform), there's no point in saying that it is, without question, more secure than anything else.

And again, because my argument doesn't seem to be clear (I'm trying to make this as clear as possible): malware is not the same thing as a vulnerability and iOS has vulnerabilities (whether you choose to acknowledge them or not).

MacInWin
09-30-2013, 12:27 PM
I'm not jumping into this fight, but just as a fact-checker, when vansmith cited the 302 vulnerabilities
However, here's a list of 302 common vulnerabilities and exposures in iOS. he forgot to mention that not all of them are in fact in IOS, and none of them (at this point) are for IOS7. Not to say there aren't any in IOS 7, but at this point they aren't on that list that I could find. And only 6 of those vulnerabilities had exploits, all of them against iPhones/IOS older than 4.0.2. No exploits since then. As for the utility of fingerprint access, the fact that the iPhone has it makes it more likely that people will use it, and any security is better than no security. I am one of those who turned off the security passcode on every iphone I've had because I didn't want to be fussed with entering it every time I wanted to use it. If the fingerprinting on the 5s works as advertised and described, I'll leave it on because it's easy to use. I already press the Home button to open the phone anyway, so it's no additional steps to let the fingerprint thing do what it does. And that is the single best benefit of the fingerprint, that more people will be inclined to use it because it's easy.

vansmith
09-30-2013, 12:35 PM
I'm not jumping into this fight, but just as a fact-checker, when vansmith cited the 302 vulnerabilities he forgot to mention that not all of them are in fact in IOS, and none of them (at this point) are for IOS7. Not to say there aren't any in IOS 7, but at this point they aren't on that list that I could find. And only 6 of those vulnerabilities had exploits, all of them against iPhones/IOS older than 4.0.2. No exploits since then.Good find. Who doesn't appreciate a good fact check?

My only comment to that is that this doesn't negate my argument (they've been and remain present, regardless of version) and I imagine that, since it's a piece of software like any other, vulnerabilities will surface. However, a lack of them now is better than having them now.


As for the utility of fingerprint access, the fact that the iPhone has it makes it more likely that people will use it, and any security is better than no security. I am one of those who turned off the security passcode on every iphone I've had because I didn't want to be fussed with entering it every time I wanted to use it. If the fingerprinting on the 5s works as advertised and described, I'll leave it on because it's easy to use. I already press the Home button to open the phone anyway, so it's no additional steps to let the fingerprint thing do what it does. And that is the single best benefit of the fingerprint, that more people will be inclined to use it because it's easy.Couldn't agree more. As we all know, people are generally lazy when it comes to security and having something simple is a great way to get around this (however much changing people's mindset would be a better option).

Lifeisabeach
09-30-2013, 12:45 PM
What do you think jailbreaks are?

I know what jailbreaks are. And it took, what, nearly a year to find a combination of vulnerabilities to crack iOS 6? What other platform has proved to be more difficult to compromise?

vansmith
09-30-2013, 01:04 PM
I know what jailbreaks are. And it took, what, nearly a year to find a combination of vulnerabilities to crack iOS 6?It took 0 days (http://en.wikipedia.org/wiki/IOS_jailbreaking#First_jailbreaks_by_device) to exploit a vulnerability in iOS 6.

Does it matter though? I'm making an argument about their very existence, nothing more. I'm not trying to suggest that the software is of a bad quality (I even implied this above). In fact, I think iOS is of good quality from a security standpoint. That said, I'm not going to hide my head in the sand and think it's somehow immune to the inherent truth of software development - if it can be made, it can be (and likely will be) exploited.

danny842003
09-30-2013, 02:03 PM
It took 0 days (http://en.wikipedia.org/wiki/IOS_jailbreaking#First_jailbreaks_by_device) to exploit a vulnerability in iOS 6.

Does it matter though? I'm making an argument about their very existence, nothing more. I'm not trying to suggest that the software is of a bad quality (I even implied this above). In fact, I think iOS is of good quality from a security standpoint. That said, I'm not going to hide my head in the sand and think it's somehow immune to the inherent truth of software development - if it can be made, it can be (and likely will be) exploited.

But nobody has claimed it cant be. Just that with the mentioned security features its very hard to exploit it.

MacInWin
09-30-2013, 03:48 PM
But nobody has claimed it cant be. Just that with the mentioned security features its very hard to exploit it.I wouldn't even say "very hard," just harder than not having it. Remember, I don't need to outrun the bear that's chasing us, I just have to be faster than you. Same in security. Nothing's perfect, it just needs to be somewhat better.

arthur30
10-01-2013, 05:05 AM
The method that was used to hack the fingerprint id recognition is impractical because to get the thumb or finger impression of any person you will have to cut is finger or may be ask him to give you the impression which is much like stealing and has nothing to do with hacking or code hacking in person.