CCC Says Apple iPhone 5S TouchID Broken 481
hypnosec writes with word that the Chaos Computer Club claims to have "managed to break Apple's TouchID using everyday material and methods available on the web. Explaining their method on their website, the CCC hackers have claimed that all they did was photograph a fingerprint from a glass surface, ramped up the resolution of the photographed fingerprint, inverted and printed it using thick toner settings, smeared pink latex milk or white woodglue onto the pattern, lifted the latex sheet, moistened it a little and then placed it on the iPhone 5S's fingerprint sensor to unlock the phone." Update: 09/22 21:32 GMT by T :Reader mask.of.sanity adds a link to a video of the hack.
Easy! (Score:5, Funny)
sounds really trivial to break. I can see all kinds of kids doing this.
If true (Score:4, Funny)
Re:Easy! (Score:5, Funny)
Remember that a hacker won't know which of 5 fingers the owner uses, so that's another layer of security
More secure. (Score:4, Funny)
Maybe the best use of touch Id is as a complement to a code. Something you know, something you have, something you are. They have 2 out of 3, and with their Siri they could add voice too. "My voice is my passport. Verify"
I have a solution! (Score:5, Funny)
social engineering time (Score:5, Funny)
You know what? I really love the sound of your voice. ... And there's this one word. I've always loved the sound of this word. ... I would really like to hear you say the word ..."passport".
So what they proved is... (Score:5, Funny)
...the iPhone's fingerprint scanner works well. I was expecting it to be a gimmick that would give more false negatives or false positives than real results. That these guys had to use the same methods they would use for a high-quality expensive fingerprint scanner, and that those methods actually worked, tells me the iPhone's fingerprint scanner has potential.
Gee (Score:4, Funny)
Something you leave lying around on everything you touch is a poor key for security.
Who'd a thunk it?
Oh good... (Score:5, Funny)
Re:Easy! (Score:5, Funny)
you mean, besides just holding your hand against the sensor? As, if they have your phone, they probably also have you...
How about you jailbreak the phone, and use a PIN to unlock it normally, BUT you customize the reader, so if certain of your fingers get held against the sensor --- it triggers a "disable power off function" and "start wipe device" command.
Re:You're missing the point. (Score:4, Funny)
Well, some lucky kid *didn't* lock the android phone that fell out of his pocket while rip-roaring drunk, so that when I picked it up off the side of the road I could get in and send him an email that I'd found it. Sure, I could have just popped the SIM and sent it back to Verizon, but it would have taken weeks or days, not 2 hours, for the guy to get his phone back.
I don't PIN lock my phone because I'm lazy, I do it so my family can use my phone easily. I definitely wouldn't use the fingerprint recognition if I had it.