1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apple iPhone 5S fingerprint reader hacked in 2 days

Discussion in 'Hardware' started by Snips, 23 Sep 2013.

  1. Snips

    Snips I can do dat, giz a job

    Joined:
    14 Sep 2010
    Posts:
    1,940
    Likes Received:
    66
    http://www.dailymail.co.uk/sciencet...ys-hackers-used-photo-fingerprint-access.html

    I remember an old MythBusters where they were trying to hack a door fingerprinter reader lock. They picked up a basic Microsoft fingerprint reader and proceeded to try to hack it. After some serious time trying, they finally did it and actually cut some of the scene's out so not to show the world how it's done. Anyway, first try on the door lock and it opened. So they went backwards to see how easy it is and finally opened the door with a piece of paper with a fingerprint photocopied on it.

    As it says in the article:-

    'As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.'
     
  2. rollo

    rollo Well-Known Member

    Joined:
    16 May 2008
    Posts:
    7,716
    Likes Received:
    101
    Surprised it took 2 days in truth with the amount of people who were trying to do it. Fingerprints like eye scanners can be brute forced niether is secure your better off with a 30 digit password than you ever will be with either.

    Don't the people who find these things get paid like £10k as well for there findings? Nice work if you can get it thats for sure.
     
  3. notmeagain

    notmeagain Member

    Joined:
    29 Jan 2009
    Posts:
    559
    Likes Received:
    15
    I'm suprised people are saying "hacked", it's the 50th time i've read that word in conjunction with this news.

    They hacked nothing, the device was doing exactly what it was meant to do - reading the capacitance of what it expects to be on the end of the authorised finger.

    They replicated the finger.

    It's like saying I hacked my brothers facebook by using his password.

    The furthest that term can stretch is to cover social engineering to get hold of the print in the first place.

    I've demonstrated the principles to my friend who was adamant his lenovo with fingerprint reader was secure, using exactly the same method, lift print, scan print, print print, use print.

    Back in those days we didn't have to worry about using things like PVA glue to mimic fleshy capacitance, a bit of lick and stick was all that was required! :)

    Now, if they can somehow formulate a clip-on device that brute forces a print (removing the requirement of social engineering, and or lifting a print) then they can happilly say they hacked it.

    They fooled it, nothing more :) (Kudos btw)
     
  4. Cei

    Cei pew pew pew

    Joined:
    22 Mar 2008
    Posts:
    4,717
    Likes Received:
    122
    Meh. It was going to happen, but fingerprints have never been the 'absolute' in security - I mean, you could just punch the person and knock them out, then stick their finger on the reader.

    However, I can't see the average hoodlum who mugs somebody going to the effort of all that to unlock an iPhone they stole. TouchID is fine for locking a phone, just don't expect it to be the absolute mutts nuts in security - for that you need multiple-step, multiple-type locks (ie: fingerprints, passcode, retinal scans...).
     
  5. goldstar0011

    goldstar0011 Well-Known Member

    Joined:
    2 Sep 2007
    Posts:
    3,249
    Likes Received:
    204
    I thought the main reason for the fingerprint lock is so your good buddy can't sneak your phone and mess about on your facebook
     
  6. Kovoet

    Kovoet New Member

    Joined:
    26 Aug 2009
    Posts:
    7,129
    Likes Received:
    348
    it's a gimmick. That fingerprint app android have had for years and there's is a gimmick as well
     
  7. notmeagain

    notmeagain Member

    Joined:
    29 Jan 2009
    Posts:
    559
    Likes Received:
    15
    I think you're confusing software application (Android App) vs. Integrated Hardware (iPhone reader)

    Of course a software app, on a touch-device is going to be gimmicky, apple actually implemented hardware to read your fingerprint.

    It's still a crock-o-shite, but well... it's actual hardware compared to a $0.79 app you can download to trick your friends.
     
  8. Burnout21

    Burnout21 Is the daddy!

    Joined:
    9 Sep 2005
    Posts:
    8,614
    Likes Received:
    197
    Tin foil hat moment

    What if the finger print isn't for locking the device, but for scanning and correlating finger print data to known ID's.

    Next they'll develop an IRIS scanner, and then a DNA scanner...
     
  9. docodine

    docodine killed a guy once

    Joined:
    10 Feb 2007
    Posts:
    5,084
    Likes Received:
    160
    the fingerprint reader on the 5S is a convenience feature, not a super duper secure option

    it's there to save you time instead of putting in your PIN or password

    i don't see how this is newsworthy
     
  10. GeorgeK

    GeorgeK Swinging the banhammer Super Moderator

    Joined:
    18 Sep 2010
    Posts:
    8,595
    Likes Received:
    459
    It's similar to the Galaxy S4 which has a setting so it can 'only' be unlocked by a user's face - in reality a photo of them also does the trick...
     
  11. KidMod-Southpaw

    KidMod-Southpaw Super Spamming Saiyan

    Joined:
    28 Sep 2010
    Posts:
    12,592
    Likes Received:
    558
    Hacked: TO make something sound techy, mysterious, hardcore and scare all teh Apple fanbois and technophobes in to thinking something horrible is going to compromise all of their tech and they must be saved.
     
  12. Rofl_Waffle

    Rofl_Waffle New Member

    Joined:
    24 Mar 2010
    Posts:
    504
    Likes Received:
    12
    People need to understand the severity of this problem. Its not what is at stake, its the principal that matters.

    God dammit, people have a right to keep their photo collection safe and secure. Even thought it appears that 99.9% of the pictures people take are of their pets and what they ate for breakfast. Still, these things are super secret.

    Remember kids, the only way to secure your phone is with an alpha numeric password that's at least 8 character long and with a combination of upper and lower case and special characters is a nice bonus. Something like Brut3F0Rc3Th1s!

    Honestly, passwords are stupid. What people really need is to tie those things down and put it around their necks. People are not going to sell your information on the black market because its worthless. Your cellphone itself on the other hand....
     
    Last edited: 23 Sep 2013
    andrew8200m likes this.
  13. notmeagain

    notmeagain Member

    Joined:
    29 Jan 2009
    Posts:
    559
    Likes Received:
    15

    Personally, I use "Pass phrases" instead of a password (where the website allows me to).
    I say phrases because they aren't just one word, and quite often factor in a question and answer - like "what Food you like dude? - Pasta, man!" (not a real one, but feel free to try)

    I find these a billion times more memorable, infinitely more secure, and so hard to socially engineer out of me as they are normally abstract thoughts based on the sites name, branding, first post i read on the forum that day.

    Apple saying "yo, this "password" that you leave in over a thousand places each day is gonna keep you secure" is definitely an issue, that anyone in their RnD department came up with, and supported the idea is ammusing.

    We use smartcard and passphrase authentication at work, for a reason, we want to be as secure as possible.

    If we bowed to "usability, comfort" principles, we'd leave our workstations unsecured and have an open desktop policy.

    Silly apple.

    xoxox (i still love you really)
     
  14. Guinevere

    Guinevere Mega Mom

    Joined:
    8 May 2010
    Posts:
    2,481
    Likes Received:
    176
    It's 'easy' to hack your own device when you have access to the original finger to reset the device after a failed attempt.

    Out in the real world it will be close to impossible to reliably achieve success. If you don't get a perfect photo, or you don't make a perfect print, or gel 'fake print' then it's not going to work all the time.

    Too many failed attempts and the phone locks you out and you have to enter the passcode.

     
  15. rollo

    rollo Well-Known Member

    Joined:
    16 May 2008
    Posts:
    7,716
    Likes Received:
    101
    Judging by sales numbers that I've seen no one cares ether way. 7mil sold in 3 days, they are figures most company's would do anything to obtain.
     

Share This Page