• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

iPhone 5S Touch ID hacked by fake fingerprints !!!!!

Joined
May 19, 2009
Messages
8,428
Reaction score
295
Points
83
Location
Waiting for a mate . . .
Your Mac's Specs
21" iMac 2.9Ghz 16GB RAM - 10.11.3, iPhone6s & iPad Air 2 - iOS 9.2.1, ATV 4Th Gen tvOS, ATV3
iPhone 5S Touch ID hacked by fake fingerprints | CNET UK


"Fingerprints should not be used to secure anything," say the fast-fingered fakers. "You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

A bug in Apple's new iOS 7 software allows wrong'uns to bypass a locked screen, but software issues can at least be solved by future updates; hardware issues are more troublesome.

The new iPhone is supposed to be so secure that police officers in New York are handing out flyers outside subway stations recommending Apple-owning Gothamites to update to iOS 7 as soon as possible.

Hmmmmm
 

bobtomay

,
Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
Yeah, am sure we all knew someone would figure out how to get passed it.

Don't see how that helps out the pick pocket or those where it's only a matter of convenience that find a phone left behind somewhere.

Am pretty sure the local bartender is running out to grab a jar of graphite and a camera to keep behind the counter just waiting for someone to forget their phone - and which glass does this phone belong to?
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Well this is a tad confusion since it isn't fake fingerprints that is bypassing the phones, but rather molds of your fingerprints that is doing it..

However, what is interesting is that the fingerprints you leave everywhere is essentially your surface print, but the sensor in the iPhone 5S (if you see the presentation and other media) indicate that the sensors goes deeper and the discerns the "inner" fingerprints for recognition.

You would think that this would be harder to replicate and thus the system is harder to circumvent..
 
M

MacInWin

Guest
Yeah, it takes the cracker to have the phone and a very high resolution image of THAT finger. One thought, is it more secure if you use something other than the thumb or index finger?

In any event, it's like the keys to your car, they are there to keep honest people honest and to make you more secure than your neighbor. Not designed to keep the really dedicated crooks out.
 
Joined
Nov 18, 2006
Messages
4,934
Reaction score
207
Points
63
Location
Anytown, USA
Your Mac's Specs
27" iMac 2.7GHz Core i5, iPhone 6, iPad Air 2, 4th gen Apple TV
Doesn't matter. It's probably still easier to crack one's passcode, which can still be used as an alternate to the finger print to unlock.

To me this is mostly a measure to bridge the gap between security and convenience. Many people, like me didn't care to punch in a code 100 gives a day, so we went without. This way my phone is more secure and actually easier to unlock than before without a passcode!

In any event, the biggest security improvement probably was the activation lock rather than the fingerprint reader. It'll berm ore of a deterrent to theives to go after easier targets if they know they can't simply wipe the software and sell it off.
 
Joined
Jul 16, 2012
Messages
95
Reaction score
0
Points
6
So rather than cracking my passcode they just need to come around my house/workplace, lift a print. make a mould of it and hope they got the correct finger then use the mould on the finger print scanner.
Seems like a lot of effort to just access my facebook and text messages.
 
Joined
Nov 18, 2006
Messages
4,934
Reaction score
207
Points
63
Location
Anytown, USA
Your Mac's Specs
27" iMac 2.7GHz Core i5, iPhone 6, iPad Air 2, 4th gen Apple TV
So rather than cracking my passcode they just need to come around my house/workplace, lift a print. make a mould of it and hope they got the correct finger then use the mould on the finger print scanner.
Seems like a lot of effort to just access my facebook and text messages.

Pretty much! People are saying they can lift the print off the phone, but as much as people handle their phones I think it would be pretty difficult to get a nice, clean print.

In reality, nobody is going to do this in real life to steal a phone.
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Half of the security firms out there are in the business of compromising security for the sake of demonstrating that it can be done. Common sense tells you that not only do hackers need to get a clean print (and the right finger), they also need to access your device..and that's become more and more inseparable from the owners these days..:)

As a consumer, these kinds of stories should affirm that there is NO hack-proof security, but taking some suitable steps to protect yourself and your data is produent..

And @danny840023, while your phone might just have trivial data on there, a lot of people are loading up their phones with apps that access their bank and other vital pieces of data. So getting access to these phones is indeed a huge concern..
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
As a consumer, these kinds of stories should affirm that there is NO hack-proof security, but taking some suitable steps to protect yourself and your data is produent..
This. Fingerprint scanners are not bullet proof just as activation lock isn't (it's a matter of time before it is cracked, not whether or not it will happen). I'm sure, with time, means of getting around it will become more common. This is certainly not a criticism of the inclusion since it's an interesting approach to securing the phone. However, it's best to remember (something that this "hack" does) that no security is ever going to be perfect on any device anywhere at any time.

I think the Ars assessment and suggestion is right - this would work well in concert with some other form of identification. If they can get the scan down to near zero time, this would be a nice complement to another form of authentication.
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Joined
Jul 16, 2012
Messages
95
Reaction score
0
Points
6
And @danny840023, while your phone might just have trivial data on there, a lot of people are loading up their phones with apps that access their bank and other vital pieces of data. So getting access to these phones is indeed a huge concern..

I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
How long before we have fingerprint, iris, and voiceprint security before we can unlock the phone?? :)
Give it time...

I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.
Many apps make you enter a code and then, if still open, will accept input when switched back to. In other words, someone could access it if you had it open at some point and hadn't completely closed it.
 
OP
TattooedMac
Joined
May 19, 2009
Messages
8,428
Reaction score
295
Points
83
Location
Waiting for a mate . . .
Your Mac's Specs
21" iMac 2.9Ghz 16GB RAM - 10.11.3, iPhone6s & iPad Air 2 - iOS 9.2.1, ATV 4Th Gen tvOS, ATV3
I'm not sure about all banks but my banking app still needs a code to login. As I'm not an idiot my mobile banking code is different to my access code. So gaining access to my phone does not really help you anymore than just logging on to any computer.

My bank has like the web login a 2 stage login, for added security, and trust me, i have never ever been in too much of a hurry anytime to have to put in the 2 pieces of information to access that on my iPhone, iPad Mini or Mac. As well as that 1Password Browser, if i switch to another App and come back to it, I need to either re-enter my passphrase or the quick entry 4 digit pin to access it.
And 1Password 4 is going to be a doozie IMO. Its still beta stage but GM is only around the corner.
 
Joined
Sep 30, 2007
Messages
9,962
Reaction score
1,235
Points
113
Location
The Republic of Neptune
Your Mac's Specs
2019 iMac 27"; 2020 M1 MacBook Air; macOS up-to-date... always.
Pretty much! People are saying they can lift the print off the phone, but as much as people handle their phones I think it would be pretty difficult to get a nice, clean print.

In reality, nobody is going to do this in real life to steal a phone.

Exactly. Even if someone was planning to do that, in the time it'd take them to get to the point where they could have the fake fingerprint ready to go, you could have the blasted thing locked down with "Find my iPhone".
 
C

chas_m

Guest
Okay, two things:

1. Actually reading what is ACTUALLY involved in this "hack" should make any rational person laugh out loud. If you think this is likely to happen to you, you have a screw loose (to be blunt). So until someone comes up with a PRACTICAL, REALISTIC way to break this that is easily repeatable and low-cost, I'd say your iPhone 5s is WAY more secure than any phone you've ever had in your life.

2. So. Much. Stupid. Misinformation. Not from you guys, but from the ignoramuses that write these articles.

The point of Touch ID is to reduce theft by encouraging people to be more proactive about iPhone security. That's pretty much it.

a. The fingerprint scan is entirely optional (and if you DO use it, it requires at least a four-digit passcode for backup/fallback). It doesn't get sent anywhere. Apple doesn't have it, third parties (even Apple developers) don't have it, the NSA doesn't have it. (the NSA already had your fingerprints long ago, that's another story altogether)

b. If the fingerprint scan is on and you don't use it to unlock the iPhone at least once within 48 hours, you'll need to enter the passcode to get back in. You can still set a simple or complex passcode as before, and use that if you prefer.

c. You can have no passcode or fingerprint scan if that's what you want. If you take your phone out in public, you're being a fool not to have at least a passcode AND Activation Lock IMHO, but it's your decision of course.

d. Fingerprints and any other security methods can conceivably be "hacked" (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point.
 
Joined
Nov 26, 2012
Messages
1,035
Reaction score
22
Points
38
Location
Agusan del Norte, Philippines
Your Mac's Specs
L2012 Mini, i7 2.6Ghz, 8GB RAM, 256GB SSD + 1TB HDD(fusion), BenQ 32" 2.5k QHD Display
Yeah, it takes the cracker to have the phone and a very high resolution image of THAT finger. .
More then likely there is a nice figure print. More then likely the one that is also used to unlock the device already on the home button anyway.. Sprint little light powder on it and a piece of masking tape should let anyone in.. This isnt a how to.. this is just common sense..

SO if you want to keep it safe, dont make your unlock finger your thumb.. THUMB = DUMB
Use a finger that is not used to push the home button.


They should have had that 9 dot pass code thingy. Then again it would eventually were a path (scratches) out in the screen from repeated use.. :(
 
Joined
Sep 30, 2007
Messages
9,962
Reaction score
1,235
Points
113
Location
The Republic of Neptune
Your Mac's Specs
2019 iMac 27"; 2020 M1 MacBook Air; macOS up-to-date... always.
SO if you want to keep it safe, dont make your unlock finger your thumb.. THUMB = DUMB
Use a finger that is not used to push the home button.

Then I'm dumb. Look, as far as I'm concerned, if someone wants into my iPhone badly enough to lift my prints and make a fake fingerprint, then I have a much bigger problem at hand with WHY they want in that badly. I have no doubt that there are some people who may have information on their phone that "interested parties" may go to such lengths to get at. I'm not one of them... I'm a nobody. If it was just a casual thief who snagged it while not looking, I'd have it locked down with "Find my iPhone" before they even have time to lift a print, much less digitize in and print it.
 
Joined
Jul 16, 2012
Messages
95
Reaction score
0
Points
6
Then I'm dumb. Look, as far as I'm concerned, if someone wants into my iPhone badly enough to lift my prints and make a fake fingerprint, then I have a much bigger problem at hand with WHY they want in that badly. I have no doubt that there are some people who may have information on their phone that "interested parties" may go to such lengths to get at. I'm not one of them... I'm a nobody. If it was just a casual thief who snagged it while not looking, I'd have it locked down with "Find my iPhone" before they even have time to lift a print, much less digitize in and print it.

Exactly just because it could be done, done not mean anyone is going to bother.
 
C

chas_m

Guest
Since this appears to need repeating:

"Fingerprints and any other security methods can conceivably be 'hacked' (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point."
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top