New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Apple Rumors and Reports Discuss what's going on with Apple in this forum

iPhone 5S Touch ID hacked by fake fingerprints !!!!!


Post Reply New Thread Subscribe

 
Thread Tools
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,796
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

TattooedMac is offline
iPhone 5S Touch ID hacked by fake fingerprints | CNET UK


Quote:
"Fingerprints should not be used to secure anything," say the fast-fingered fakers. "You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

A bug in Apple's new iOS 7 software allows wrong'uns to bypass a locked screen, but software issues can at least be solved by future updates; hardware issues are more troublesome.

The new iPhone is supposed to be so secure that police officers in New York are handing out flyers outside subway stations recommending Apple-owning Gothamites to update to iOS 7 as soon as possible.
Hmmmmm

CogFrog Studio's ~ Photography, Apps and Web Development
Dont forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
QUOTE Thanks
bobtomay

 
bobtomay's Avatar
 
Member Since: Dec 22, 2006
Location: Texas, where else?
Posts: 25,021
bobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond reputebobtomay has a reputation beyond repute
Mac Specs: 15" MBP 2.33 C2D 256 4GB, MBA 13" i7 1.8, MB 2.0 2GB, Nano 4th, 3GS, iPad 1

bobtomay is offline
Yeah, am sure we all knew someone would figure out how to get passed it.

Don't see how that helps out the pick pocket or those where it's only a matter of convenience that find a phone left behind somewhere.

Am pretty sure the local bartender is running out to grab a jar of graphite and a camera to keep behind the counter just waiting for someone to forget their phone - and which glass does this phone belong to?

I cannot be held responsible for the things that come out of my mouth.
In the Windows world, most everything folks don't understand is called a virus.
QUOTE Thanks
Raz0rEdge

 
Raz0rEdge's Avatar
 
Member Since: Jul 17, 2009
Location: MA
Posts: 7,514
Raz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant future
Mac Specs: 27" i7 iMac, 24" iMac, 13" Macbook Air, iPhone 5 & 5S, iPod Nano 7th Gen, iPad 2 16GB WiFi, iPad 3

Raz0rEdge is offline
Well this is a tad confusion since it isn't fake fingerprints that is bypassing the phones, but rather molds of your fingerprints that is doing it..

However, what is interesting is that the fingerprints you leave everywhere is essentially your surface print, but the sensor in the iPhone 5S (if you see the presentation and other media) indicate that the sensors goes deeper and the discerns the "inner" fingerprints for recognition.

You would think that this would be harder to replicate and thus the system is harder to circumvent..

--
Regards
...Ashwin



Be sure to read the Community Guidelines | The more information you provide, the better answers you get, remember GIGO.
QUOTE Thanks
MacInWin

 
MacInWin's Avatar
 
Member Since: Jul 07, 2008
Location: Winchester, VA
Posts: 2,339
MacInWin is a splendid one to beholdMacInWin is a splendid one to beholdMacInWin is a splendid one to beholdMacInWin is a splendid one to beholdMacInWin is a splendid one to beholdMacInWin is a splendid one to beholdMacInWin is a splendid one to beholdMacInWin is a splendid one to behold
Mac Specs: 2011 MBP, 2008 iMac, iPhone 5S, iPad mini, 13" MBP and MacMini

MacInWin is offline
Yeah, it takes the cracker to have the phone and a very high resolution image of THAT finger. One thought, is it more secure if you use something other than the thumb or index finger?

In any event, it's like the keys to your car, they are there to keep honest people honest and to make you more secure than your neighbor. Not designed to keep the really dedicated crooks out.
QUOTE Thanks
fleurya

 
fleurya's Avatar
 
Member Since: Nov 18, 2006
Location: Anytown, USA
Posts: 4,922
fleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to all
Mac Specs: 27" iMac 2.7GHz Core i5, iPhone 4S, 3rd gen iPad

fleurya is offline
Doesn't matter. It's probably still easier to crack one's passcode, which can still be used as an alternate to the finger print to unlock.

To me this is mostly a measure to bridge the gap between security and convenience. Many people, like me didn't care to punch in a code 100 gives a day, so we went without. This way my phone is more secure and actually easier to unlock than before without a passcode!

In any event, the biggest security improvement probably was the activation lock rather than the fingerprint reader. It'll berm ore of a deterrent to theives to go after easier targets if they know they can't simply wipe the software and sell it off.

"Give so much time to the improvement of yourself that you have no time to criticize others"
QUOTE Thanks
danny842003

 
Member Since: Jul 16, 2012
Posts: 86
danny842003 is an unknown at this point

danny842003 is offline
So rather than cracking my passcode they just need to come around my house/workplace, lift a print. make a mould of it and hope they got the correct finger then use the mould on the finger print scanner.
Seems like a lot of effort to just access my facebook and text messages.
QUOTE Thanks
fleurya

 
fleurya's Avatar
 
Member Since: Nov 18, 2006
Location: Anytown, USA
Posts: 4,922
fleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to allfleurya is a name known to all
Mac Specs: 27" iMac 2.7GHz Core i5, iPhone 4S, 3rd gen iPad

fleurya is offline
Quote:
Originally Posted by danny842003 View Post
So rather than cracking my passcode they just need to come around my house/workplace, lift a print. make a mould of it and hope they got the correct finger then use the mould on the finger print scanner.
Seems like a lot of effort to just access my facebook and text messages.
Pretty much! People are saying they can lift the print off the phone, but as much as people handle their phones I think it would be pretty difficult to get a nice, clean print.

In reality, nobody is going to do this in real life to steal a phone.

"Give so much time to the improvement of yourself that you have no time to criticize others"
QUOTE Thanks
Raz0rEdge

 
Raz0rEdge's Avatar
 
Member Since: Jul 17, 2009
Location: MA
Posts: 7,514
Raz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant future
Mac Specs: 27" i7 iMac, 24" iMac, 13" Macbook Air, iPhone 5 & 5S, iPod Nano 7th Gen, iPad 2 16GB WiFi, iPad 3

Raz0rEdge is offline
Half of the security firms out there are in the business of compromising security for the sake of demonstrating that it can be done. Common sense tells you that not only do hackers need to get a clean print (and the right finger), they also need to access your device..and that's become more and more inseparable from the owners these days..

As a consumer, these kinds of stories should affirm that there is NO hack-proof security, but taking some suitable steps to protect yourself and your data is produent..

And @danny840023, while your phone might just have trivial data on there, a lot of people are loading up their phones with apps that access their bank and other vital pieces of data. So getting access to these phones is indeed a huge concern..

--
Regards
...Ashwin



Be sure to read the Community Guidelines | The more information you provide, the better answers you get, remember GIGO.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,893
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by Raz0rEdge View Post
As a consumer, these kinds of stories should affirm that there is NO hack-proof security, but taking some suitable steps to protect yourself and your data is produent..
This. Fingerprint scanners are not bullet proof just as activation lock isn't (it's a matter of time before it is cracked, not whether or not it will happen). I'm sure, with time, means of getting around it will become more common. This is certainly not a criticism of the inclusion since it's an interesting approach to securing the phone. However, it's best to remember (something that this "hack" does) that no security is ever going to be perfect on any device anywhere at any time.

I think the Ars assessment and suggestion is right - this would work well in concert with some other form of identification. If they can get the scan down to near zero time, this would be a nice complement to another form of authentication.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
Raz0rEdge

 
Raz0rEdge's Avatar
 
Member Since: Jul 17, 2009
Location: MA
Posts: 7,514
Raz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant future
Mac Specs: 27" i7 iMac, 24" iMac, 13" Macbook Air, iPhone 5 & 5S, iPod Nano 7th Gen, iPad 2 16GB WiFi, iPad 3

Raz0rEdge is offline
Quote:
Originally Posted by vansmith View Post
I think the Ars assessment and suggestion is right - this would work well in concert with some other form of identification. If they can get the scan down to near zero time, this would be a nice complement to another form of authentication.
How long before we have fingerprint, iris, and voiceprint security before we can unlock the phone??

--
Regards
...Ashwin



Be sure to read the Community Guidelines | The more information you provide, the better answers you get, remember GIGO.
QUOTE Thanks
danny842003

 
Member Since: Jul 16, 2012
Posts: 86
danny842003 is an unknown at this point

danny842003 is offline
Quote:
Originally Posted by Raz0rEdge View Post

And @danny840023, while your phone might just have trivial data on there, a lot of people are loading up their phones with apps that access their bank and other vital pieces of data. So getting access to these phones is indeed a huge concern..
I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,893
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by Raz0rEdge View Post
How long before we have fingerprint, iris, and voiceprint security before we can unlock the phone??
Give it time...

Quote:
Originally Posted by danny842003 View Post
I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.
Many apps make you enter a code and then, if still open, will accept input when switched back to. In other words, someone could access it if you had it open at some point and hadn't completely closed it.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,796
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

TattooedMac is offline
Quote:
Originally Posted by danny842003 View Post
I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.
My bank has like the web login a 2 stage login, for added security, and trust me, i have never ever been in too much of a hurry anytime to have to put in the 2 pieces of information to access that on my iPhone, iPad Mini or Mac. As well as that 1Password Browser, if i switch to another App and come back to it, I need to either re-enter my passphrase or the quick entry 4 digit pin to access it.
And 1Password 4 is going to be a doozie IMO. Its still beta stage but GM is only around the corner.

CogFrog Studio's ~ Photography, Apps and Web Development
Dont forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
QUOTE Thanks
Lifeisabeach

 
Lifeisabeach's Avatar
 
Member Since: Sep 30, 2007
Location: Wilmington, NC
Posts: 6,933
Lifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond reputeLifeisabeach has a reputation beyond repute
Mac Specs: iMac i3 (mid-2010) + OS 10.9; TV 3; iPhone 5S; iPad 4

Lifeisabeach is offline
Quote:
Originally Posted by fleurya View Post
Pretty much! People are saying they can lift the print off the phone, but as much as people handle their phones I think it would be pretty difficult to get a nice, clean print.

In reality, nobody is going to do this in real life to steal a phone.
Exactly. Even if someone was planning to do that, in the time it'd take them to get to the point where they could have the fake fingerprint ready to go, you could have the blasted thing locked down with "Find my iPhone".


Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).
------
Links: Onyx | EasyFind | Apple Hardware Test | How to test your hard drive | The Safe Mac Adware Removal Guide | Uninstall MacKeeper
------
Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 16,765
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
Okay, two things:

1. Actually reading what is ACTUALLY involved in this "hack" should make any rational person laugh out loud. If you think this is likely to happen to you, you have a screw loose (to be blunt). So until someone comes up with a PRACTICAL, REALISTIC way to break this that is easily repeatable and low-cost, I'd say your iPhone 5s is WAY more secure than any phone you've ever had in your life.

2. So. Much. Stupid. Misinformation. Not from you guys, but from the ignoramuses that write these articles.

The point of Touch ID is to reduce theft by encouraging people to be more proactive about iPhone security. That's pretty much it.

a. The fingerprint scan is entirely optional (and if you DO use it, it requires at least a four-digit passcode for backup/fallback). It doesn't get sent anywhere. Apple doesn't have it, third parties (even Apple developers) don't have it, the NSA doesn't have it. (the NSA already had your fingerprints long ago, that's another story altogether)

b. If the fingerprint scan is on and you don't use it to unlock the iPhone at least once within 48 hours, you'll need to enter the passcode to get back in. You can still set a simple or complex passcode as before, and use that if you prefer.

c. You can have no passcode or fingerprint scan if that's what you want. If you take your phone out in public, you're being a fool not to have at least a passcode AND Activation Lock IMHO, but it's your decision of course.

d. Fingerprints and any other security methods can conceivably be "hacked" (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point.
QUOTE Thanks

Post Reply New Thread Subscribe


« iPhone sinks as Android seizes market share | Apple offers a sneak peek at new Mac Pro at WWDC 2013 »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

All times are GMT -4. The time now is 02:33 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?