http://www.dailymail.co.uk/sciencet...ys-hackers-used-photo-fingerprint-access.html I remember an old MythBusters where they were trying to hack a door fingerprint reader lock. They picked up a basic Microsoft fingerprint reader and proceeded to try to hack it. After some serious time trying, they finally did it and actually cut some of the scenes out so as not to show the world how it's done. Anyway, first try on the door lock and it opened. So they went backwards to see how easy it is and finally opened the door with a piece of paper with a fingerprint photocopied on it. As it says in the article: 'As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.'
Surprised it took 2 days in truth with the amount of people who were trying to do it. Fingerprints, like eye scanners, can be brute forced; neither is secure. You're better off with a 30 digit password than you ever will be with either. Don't the people who find these things get paid like £10k as well for their findings? Nice work if you can get it, that's for sure.
I'm surprised people are saying "hacked", it's the 50th time I've read that word in conjunction with this news. They hacked nothing, the device was doing exactly what it was meant to do - reading the capacitance of what it expects to be on the end of the authorised finger. They replicated the finger. It's like saying I hacked my brother's Facebook by using his password. The furthest that term can stretch is to cover social engineering to get hold of the print in the first place. I've demonstrated the principles to my friend who was adamant his Lenovo with fingerprint reader was secure, using exactly the same method: lift print, scan print, print print, use print. Back in those days we didn't have to worry about using things like PVA glue to mimic fleshy capacitance, a bit of lick and stick was all that was required! Now, if they can somehow formulate a clip-on device that brute forces a print (removing the requirement of social engineering, and/or lifting a print) then they can happily say they hacked it. They fooled it, nothing more. (Kudos btw.)
Meh. It was going to happen, but fingerprints have never been the 'absolute' in security - I mean, you could just punch the person and knock them out, then stick their finger on the reader. However, I can't see the average hoodlum who mugs somebody going to the effort of all that to unlock an iPhone they stole. TouchID is fine for locking a phone, just don't expect it to be the absolute mutts nuts in security - for that you need multiple-step, multiple-type locks (i.e. fingerprints, passcode, retinal scans...).
I thought the main reason for the fingerprint lock is so your good buddy can't sneak your phone and mess about on your Facebook.
I think you're confusing software application (Android App) vs. Integrated Hardware (iPhone reader). Of course a software app on a touch-device is going to be gimmicky; Apple actually implemented hardware to read your fingerprint. It's still a crock-o-shite, but well... it's actual hardware compared to a $0.79 app you can download to trick your friends.
Tin foil hat moment: what if the fingerprint isn't for locking the device, but for scanning and correlating fingerprint data to known IDs? Next they'll develop an IRIS scanner, and then a DNA scanner...
The fingerprint reader on the 5S is a convenience feature, not a super duper secure option. It's there to save you time instead of putting in your PIN or password. I don't see how this is newsworthy.
It's similar to the Galaxy S4 which has a setting so it can 'only' be unlocked by a user's face - in reality a photo of them also does the trick...
Hacked: To make something sound techy, mysterious, hardcore and scare all teh Apple fanbois and technophobes into thinking something horrible is going to compromise all of their tech and they must be saved.
People need to understand the severity of this problem. It's not what is at stake, it's the principle that matters. God dammit, people have a right to keep their photo collection safe and secure. Even though it appears that 99.9% of the pictures people take are of their pets and what they ate for breakfast. Still, these things are super secret. Remember kids, the only way to secure your phone is with an alphanumeric password that's at least 8 characters long, and a combination of upper and lower case and special characters is a nice bonus. Something like Brut3F0Rc3Th1s! Honestly, passwords are stupid. What people really need is to tie those things down and put it around their necks. People are not going to sell your information on the black market because it's worthless. Your cellphone itself on the other hand....
Personally, I use "Pass phrases" instead of a password (where the website allows me to). I say phrases because they aren't just one word, and quite often factor in a question and answer - like "what Food you like dude? - Pasta, man!" (not a real one, but feel free to try). I find these a billion times more memorable, infinitely more secure, and so hard to socially engineer out of me as they are normally abstract thoughts based on the site's name, branding, first post I read on the forum that day. Apple saying "yo, this "password" that you leave in over a thousand places each day is gonna keep you secure" is definitely an issue; that anyone in their RnD department came up with and supported the idea is amusing. We use smartcard and passphrase authentication at work, for a reason: we want to be as secure as possible. If we bowed to "usability, comfort" principles, we'd leave our workstations unsecured and have an open desktop policy. Silly Apple. xoxox (I still love you really)
It's 'easy' to hack your own device when you have access to the original finger to reset the device after a failed attempt. Out in the real world it will be close to impossible to reliably achieve success. If you don't get a perfect photo, or you don't make a perfect print, or gel 'fake print' then it's not going to work all the time. Too many failed attempts and the phone locks you out and you have to enter the passcode.
Judging by sales numbers that I've seen, no one cares either way. 7mil sold in 3 days, they are figures most companies would do anything to obtain.