Defeating Apple’s Touch ID: It’s easier than you may think

The hack using lifted fingerprints is easy; here's how you can make it harder.

Read the whole story

 

[dantesan]

I think the fingerprint thing would be great convenience feature (rather than security) if we could just set the "disable and default to hard password" after 10-15 minutes.

 

[uhuznaa]

iljitsch[/url]":2k3rdu3s]

jeamland[/url]":2k3rdu3s]I, for one, think it'll be in an update to iOS 7 shortly: ability to require both fingerprint and password. It seems like low-hanging fruit.

No, this is not an option. The reason for that is that finger print identification just isn't reliable enough. A cut, a scrape or a burn will make your finger unreadable. Fingerprint readers are also notoriously failure-prone. So when the day comes the phone can't read your finger, you need to have another way to get in.

In an environment where you NEED all the security you can get this is a price you will be happy to pay. If your sensor breaks, get a new phone. It's worth less than your data. If your finger is burned, use one of your other fingers you have set up. If all are burned, hell, have your secretary restore and set up your phone with just a PIN.

Either, or. Get this right or be modest. Apple has a PR disaster facing it here, no doubt. And all of this wouldn't have been necessary, Apple could have been much more modest with the sensor here. Just use it to expand your max 5 min timeout with a PIN to a few hours and nobody would have complained.

 

[superdave2013]

I want to clear something up.

Ultimately the data the phone uses to register your finger is a photo of your finger print. Just because the technology is capacitive doesn't change the fact that at the end of the process, it is matching a picture of a fingerprint against another picture. Is should be completely possible to forge such a photo, no matter how difficult the process may be.

 

[NaturalPhilosopher]

uhuznaa[/url]":qmxzeslz]

jandrese[/url]":qmxzeslz]

Given Apple's long history of removing clutter from menus and user interfaces, it seems unlikely that this option will ever be available.

I bet this will be available on Cydia shortly after the jailbreak for the 5s is discovered. Hopefully Apple can be brought around to adding it to the phone as well, it seems like it should be pretty easy to implement.

iOS has had a configurable timeout for the PIN since ages. You can configure up to five minutes in which you can unlock your iPhone without having to type in your PIN. This is major convenience feature, mind you. If you click off your phone and in the same moment remember to look up something you can unlock it without your PIN. (Android lacks this, either you do without a PIN or you have to type it even if your phone has been off for just a second, this is utterly inconvenient in practice.)

Using TouchID just to be able to extend this timeout to a few hours if you want to (and set it to zero if you want total security) would have been really the right thing to do. A fingerprint offers no total security, it just allows you to be a bit more lenient with requiring a PIN or password. I can't understand how Apple could miss this, it's obvious and getting this right is something I would just EXPECT from Apple. Especially from Apple.

The statement that Android lacks this feature is incorrect. Check "Settings/Security/Automatically lock X seconds after sleep." I have had the feature since Android 2.3. Naturally, if you're using a manufacturer or carrier modded phone, all bets are off. But that's not about Android really, that's about somebody's crappy mod.

Beyond that, you're entirely correct about the appropriate use of Touch ID to extend the timeout. Touch ID is worth using. But, I'm pretty tired of Apple's continual implication that they invented an amazing new thing, when it's not really different from the existing technology. The average Apple fanboy/girl genuinely doesn't seem to know about the products Apple built off of, and I think the reality distortion field really can make it easier for Apple to try and pass Android/Windows/whatever off as a giant rip-off of "their" innovation.

 

[Richard Weiss]

Has it occurred to anyone that the Touch ID *is* part of a two-factor authentication scheme? The possible factors are something you know, something you have, and something you are. Your fingerprint is something you are, while the phone is something you have. I may be wrong, but I don't think you can hack into an iPhone with the fingerprint alone. You also have to be in possession of the device. Adding a pin code to that would make it three-factor authentication.

Apple's solutions aren't perfect, but I think many of us are not giving them enough credit.

 

[CRandyHill]

taswyn[/url]":1dhx5c56]

Bron[/url]":1dhx5c56]I don't understand this reaction to a fingerprint sensor not being perfect. Isn't that obvious? If apple had invented a perfect fingerprint sensor then a lot of three letter agencies would have been interested.

A lot of this seems to me to be missing the point. This was intended to be an easy and convenient way to secure a phone that otherwise would not have been secured. Loads of people do not bother with a PIN, and even then tend to use short four digit pins which are as dubious as a touch sensor. To me, anything that persuades more people to at least lock their phone is a win.

Having said that, the apple marketing could have done a better job at communicating this, and I sorely wish there was an option for two factor authentication all the time, rather that just at restarts.

Apple fudged the marketing and implementation of the fingerprint reader. I think it's fair to complain at this point, especially with solid evidence in hand of what everyone who knew anything about fingerprint scanning tech already suspected: that for all they dressed it up, this was not substantially better than any of the other easily beaten consumer grade fingerprint tech.

If they hadn't sold it as some amazing and perfectly secure thing (Apple really played it up quite a bit), there would have simply been statements of "well of course it's hackable, but it's better than swipe to unlock at least, and the newer tech at least makes it more difficult to hack than just using a piece of tape" and it would have been left at that.

Apple shot their own foot on this one, honestly. They were practically ASKING for someone to demonstrate a hack and in turn to have a big deal made of it. Especially by not having 2 factor as an always available option (or even via time-out as suggested above).

Apple didn't fudge anything. Touch ID makes the iPhone 5s the most secure smartphone ever, because it works extremely well and accurately, unlike the crap fingerprint readers of the past that failed, so real users will actually use it to finally lock their phones for once. And if someone steals your phone, it only gives them 48 hours (or far less, if you are on the ball) to find and clone the right fingerprint before the passcode is activated. And because the passcode is entered so rarely for Touch ID users users, they can start using reasonable length passcodes that are essentially unbreakable.

Smartphone users have two legitimate risks to their privacy, an acquaintance/friend swiping their phone to read their private data, or the authorities confiscating their phone for same reason. The iPhone 5s protects users in both scenarios, making it effectively impossible for either to succeed. The authorities would need to get a court order within 48 hours to force you to use your finger to unlock it (assuming a court would even grant an order like that) and then have to hope you don't "accidentally" use the wrong finger 3 times and trigger the passcode lock (and which they can't get a court order to force you to reveal).

A thief isn't going to be setup with the equipment, and won't have the motivation to sit around and clone fingerprints to see if you have any useful data on the phone. If your spouse/significant other/or private eye they hire wants to do it, it's still almost an impossible trick to pull off if you take three minor precautions.

a) Use a thumb or another less used finger is an extremely simple way make it far more difficult for them to pull a print to start, and to force them to get all your prints to find the right one.

b) Activate Find My iPhone, and just wipe it remotely when you realize it's been taken. They won't even have the 48 hours.

c) Use a long, preferably 10 character or more, passcode so your iPhone is unbreakable once the passcode is activated.

You aren't James Bonds, folks. The NSA isn't sending a black ops team with a fingerprint cloning lab in it's van to steal your phone. The iPhone 5s is the most secure device you can actually buy and will actually secure in your day to day life.

 

[pchevier]

For me the touch sensor was not about protecting myself from some hacker stealing my angry birds high score. It was about protecting my email and facebook account from my much more dangerous 2 year old daughter. The touch sensor stops her from being able to "swipe to unlock" without adding any extra effort for me by adding a passcode I have to enter every time.

 

[KarlKFI]

4 digit pass codes aren't much more secure than fingerprints.

Apple's goal is to deter common theft, not thwart governmental agencies.

The biggest piece everyone is missing is that Apple's goal with Touch ID wasn't to be increase security levels, but to increase the number of its users using security measures. Touch ID actually improves usability, at only a minor loss of security. If you think a passcode is more secure and you need that much more security, use that.

It is unfortunate that they don't offer an option to require both print and code, but hopefully that's easy enough to code into the firmware at a later date without requiring hardware change. If not, there's always the iPhone 6...

 

[Chuckstar]

iljitsch[/url]":2s6k2d5i]

jeamland[/url]":2s6k2d5i]I, for one, think it'll be in an update to iOS 7 shortly: ability to require both fingerprint and password. It seems like low-hanging fruit.

No, this is not an option. The reason for that is that finger print identification just isn't reliable enough. A cut, a scrape or a burn will make your finger unreadable. Fingerprint readers are also notoriously failure-prone. So when the day comes the phone can't read your finger, you need to have another way to get in.

What we need is the iWatch where the iPhone automatically locks when it's moved too far from the iWatch and unlocks when it gets back into range.

But then someone will just chop your arm off to get acces to your phone.

 

[AlfieJr]

oh, the brain deadness of some many - including this author - is so superficial.

having any kind of lock - biometric or otherwise - compared to none at all (which half of current users reportedly don't) has only "some merit"? seriously? so having no lock on my house door only has "some merit" compared to no lock at all, since any burglar could easily break a window anyway?

let's be real - any decent lock is a whole lot better than no lock at all.

but beyond that, this new "hack" is not that hard to work around. if you are all that worried, use a knuckle print instead of a finger tip print. you do not leave knuckle prints all over the place (hardly anywhere actually), certainly not on the phone itself, and it's only slightly less easy to tap the home button with your knuckle. so how could the hackers ever get a copy your knuckle? they can't.

but oh yeah, don't mention that - that takes actual thinking! let's write articles about people using their nipples and other various body parts instead ...

idiots.

 

[PeterWimsey]

uhuznaa[/url]":2rrpoqix]
Either, or. Get this right or be modest. Apple has a PR disaster facing it here, no doubt. And all of this wouldn't have been necessary, Apple could have been much more modest with the sensor here. Just use it to expand your max 5 min timeout with a PIN to a few hours and nobody would have complained.

No, they don't have a PR disaster. It is amazing how many people are so disconnected from the real world that they don't understand this. If you tell a normal person - i.e., someone who uses no PIN or just a 4 digit PIN - how the fingerprint scanner can be hacked, their reaction is to be relieved that it's so secure.

Seriously, to do this hack you need to: (1) get access to a fingerprint; (2) take a good picture of the fingerprint with a decent quality (i.e., better than smartphone) camera; (3) use photoshop to clean up the photo; (4) use a better-than-low-end laser printer (with a heavy toner setting) to print out a picture of the photo; and (5) use latex milk (which is not in the dairy section of the grocery) to make a model of the fingerprint.

This is complicated and time consuming compared to shoulder surfing - I've accidentally, without trying, seen more than a dozen passcodes be entered into phones just because people with PINs have to enter it so routinely that they don't take steps to hide it.

If I lived in the dorm in the movie "Real Genius" I might be worried about hacks like this, but in any real life scenario. As mentioned upthread, people use the 4 digit PIN to prevent snooping coworkers from looking in your phone while it's lying on your desk, or to prevent your nosy relatives or roommates from looking in your phone while it's lying around your house, or to prevent nosy students from snooping in your phone while it is unattended. And this will work much better than no PIN, and much better than a 4 digit PIN that people you are around constantly will have had many opportunities to see.

 

[Jousle]

At least is harder than just swiping the lock screen but easier for the owner , i guess that was the point. Maybe the encryption of the fingerprint data is against remote attacks

 

[web2dot0]

ascendedguard[/url]":29zcy35z]

Honey Badger[/url]":29zcy35z]
Any sufficiently determined attacker can crack 4-digit PIN codes as well. All they need to do is stealthily shoulder-surf as you type it in. Touch ID works better against average thieves than a PIN, as a thief needs to spend time taking a high resolution photo of your fingerprint, touching up the photo, getting to a laser printer, applying the latex, and letting the latex film settle. That gives the victim some time to remotely disable their phone from the Find My iPhone app.

Yes, it's true that a thief can perform these steps before stealing the phone, but that's a targeted attack. And with mobile devices, all bets are off in targeted attacks.

On the other hand, they can unlock your phone using TouchID without ever looking over your shoulder or figuring out your password. Your fingerprint is likely all over the screen, so if they want in, they just swipe your device immediately and go to work.

Even easier if you don't lock your phone .... which is ALOT of people. Unless you don't like in the real world, the reality is sizeable number of consumers don't lock their phones. It's a fact. TouchID can fix that. That's a fact.

Even if TouchID is not anymore secured than PIN, it's more convenient. That's also a fact.

As long as you set the right expectation with this technology, then TouchID can be of use. Turning it into something that it's not .... well, you get a bunch of people saying how you can hack TouchID ...

 

[rmcrowley2000]

I'm surprised that there's almost no one commenting on the line: "after at least one of the people who pledged a bounty reneged on the promise."

This is referring to Arturas Rosenbacher of I/O Capital. See here for a story on it. Essentially, I/O backed out after the money was won, by instituting new terms and conditions after the fact.

Hopefully this doesn't reflect poorly on the rest of the Chicago VC scene...

 

[uhuznaa]

PeterWimsey[/url]":lt3lu839]

uhuznaa[/url]":lt3lu839]
Either, or. Get this right or be modest. Apple has a PR disaster facing it here, no doubt. And all of this wouldn't have been necessary, Apple could have been much more modest with the sensor here. Just use it to expand your max 5 min timeout with a PIN to a few hours and nobody would have complained.

No, they don't have a PR disaster. It is amazing how many people are so disconnected from the real world that they don't understand this. If you tell a normal person - i.e., someone who uses no PIN or just a 4 digit PIN - how the fingerprint scanner can be hacked, their reaction is to be relieved that it's so secure.

The fingerprint sensor being hacked was worth reporting in the main prime-time TV news in Germany. People not knowing (or caring) about any technological background now know (or believe to know) that Apple's most important new feature in the new flagship iPhone already has been hacked and made worthless a couple of days after releasing the phone.

In case you haven't noticed that: The iPhone hype has turned into a "Appel is doomed" hype. In a major german program the conclusion of a review of iOS 7 was "but this won't be enough to save Apple".

Any hype always turns into its opposite after being exhausted and Apple is in THAT stage, believe me. Apple can't afford any bad news. And this IS bad news.

 

[CRandyHill]

NaturalPhilosopher[/url]":11zpq2mb]

uhuznaa[/url]":11zpq2mb]

jandrese[/url]":11zpq2mb]

Given Apple's long history of removing clutter from menus and user interfaces, it seems unlikely that this option will ever be available.

I bet this will be available on Cydia shortly after the jailbreak for the 5s is discovered. Hopefully Apple can be brought around to adding it to the phone as well, it seems like it should be pretty easy to implement.

iOS has had a configurable timeout for the PIN since ages. You can configure up to five minutes in which you can unlock your iPhone without having to type in your PIN. This is major convenience feature, mind you. If you click off your phone and in the same moment remember to look up something you can unlock it without your PIN. (Android lacks this, either you do without a PIN or you have to type it even if your phone has been off for just a second, this is utterly inconvenient in practice.)

Using TouchID just to be able to extend this timeout to a few hours if you want to (and set it to zero if you want total security) would have been really the right thing to do. A fingerprint offers no total security, it just allows you to be a bit more lenient with requiring a PIN or password. I can't understand how Apple could miss this, it's obvious and getting this right is something I would just EXPECT from Apple. Especially from Apple.

The statement that Android lacks this feature is incorrect. Check "Settings/Security/Automatically lock X seconds after sleep." I have had the feature since Android 2.3. Naturally, if you're using a manufacturer or carrier modded phone, all bets are off. But that's not about Android really, that's about somebody's crappy mod.

Beyond that, you're entirely correct about the appropriate use of Touch ID to extend the timeout. Touch ID is worth using. But, I'm pretty tired of Apple's continual implication that they invented an amazing new thing, when it's not really different from the existing technology. The average Apple fanboy/girl genuinely doesn't seem to know about the products Apple built off of, and I think the reality distortion field really can make it easier for Apple to try and pass Android/Windows/whatever off as a giant rip-off of "their" innovation.

The truth is somewhat messy.

MITs invented the PC with the Altair, but it was a hobbyest kit computer and Apple came along and made one of the first usable PCs, the Apple II, by creating an affordable floppy disc controller, packaging it well, and brought the PC to a much wider audience.

Xerox invented the GUI with the Altos, but it was a command driven computer that hosted GUI apps using a very limited graphical library and almost unusable mouse, Apple came along and with a host of inventions (Regions that led to far more advanced UI interface metaphors such as controls, menu bars , low cost mouse that worked in any direction, a graphical OS interface called the Finder) and was able to put all of them in a $2k computer at the same time Xerox sold a $10K box called the Star, that while providing workstation performance level for the time, and far advanced over the Alto, didn't have all of the UI innovations of the Macintosh.

A host of companies tried using touchscreens on phones and failed, because they didn't figure out all the necessary innovations to make it work properly (such as proximity sensor), and Apple came along and spent years figuring the necessary innovations out and made the first usable and successful touchscreen smartphone. Jobs had Schmidt on his board and the Google boys dropping by his house all the time, and when Google did a 180 with Android in just a few months to build a similar device instead of the keyboard driven phone they were designing, Jobs got extremely butthurt and angry, as if he wouldn't have done the same thing were he them.

And now Apple has spent a ton of money making what looks to be first usable fingerprint sensor for smartphones, and it's so innovative it appears it will actually be usable, i.e. work well almost all the time instead of intermittently. If it's successful it will be a standard across the iOS line and Android/Windows phones will have something similar soon.

So those Apple fanboys who think Apple invented everything are just as wrong as those who deny that Apple has made most of the most important innovations in the history of personal computers and smartphones, helping make both markets as hugely successful as they are.

 

[kleinma]

any protection, no matter how flawed, is better than none at all

Not when it gives someone a false sense of security. It is sort of like saying "a bullet proof vest stuffed with paper instead of kevlar is better than no vest at all"

 

[lateadopter]

GoTigs[/url]":2ud46nz2]

fitten[/url]":2ud46nz2]

There's some merit in this second argument, since any protection, no matter how flawed, is better than none at all.

A false sense of security may cause people to be more lax about their security, which may make things worse.

I came here to say exactly this. If basic user has no security, they know it and hopefully won't put secure info on their device that they don't have to. Once you tell them there is this simple way to make their phone "secure", they now think they can put anything on there and not worry about it. In this sense, no protection is better than bad protection.

Yet home deadbolts are pretty easy to break. And if not the window next to the door is. Is that a false sense of security too?

Isn't this more of a case of, "that phone (5s) is a little tougher to steal than this phone (5, 4s, 4, whatever). Let's steal this phone."

I certainly do not think the locks on my household doors will keep out anyone that really wants to get inside. But the casual burglar may get discouraged and go to the house with the open garage door.

Is not Apple's finger print scanner a very valid, similar way of thinking?

 

[web2dot0]

uhuznaa[/url]":fznh4jsf]

PeterWimsey[/url]":fznh4jsf]

uhuznaa[/url]":fznh4jsf]
Either, or. Get this right or be modest. Apple has a PR disaster facing it here, no doubt. And all of this wouldn't have been necessary, Apple could have been much more modest with the sensor here. Just use it to expand your max 5 min timeout with a PIN to a few hours and nobody would have complained.

No, they don't have a PR disaster. It is amazing how many people are so disconnected from the real world that they don't understand this. If you tell a normal person - i.e., someone who uses no PIN or just a 4 digit PIN - how the fingerprint scanner can be hacked, their reaction is to be relieved that it's so secure.

The fingerprint sensor being hacked was worth reporting in the main prime-time TV news in Germany. People not knowing (or caring) about any technological background now know (or believe to know) that Apple's most important new feature in the new flagship iPhone already has been hacked and made worthless a couple of days after releasing the phone.

In case you haven't noticed that: The iPhone hype has turned into a "Appel is doomed" hype. In a major german program the conclusion of a review of iOS 7 was "but this won't be enough to save Apple".

Any hype always turns into its opposite after being exhausted and Apple is in THAT stage, believe me. Apple can't afford any bad news. And this IS bad news.

Just like people are saying that your 4-PIN code can be hacked ....
Doesn't stop anyone from using it. You've got no point.

If hacking involves lifting someone's fingerprint .... it's alot more manually intensive thing than hacking the 4-PIN password. Then it's not a hack.

The purpose of the tech is not to make totally secure. If it is, then Apple would of made to support a host of other things. Of course they know it can be hacked. They are not idiots.

It's a whole lot more secure than not locking your phone at all ... which is alot of people.

 

[satyaj]

There are 4 options as I see it :

1. Leave things as they are
2. Use two factor authentication. (Touch ID + PIN)
3. How about using multiple fingers in sequence known only to user ? No idea if it's possible but,
let's say thumb = (t) , index = (i), ring = (Ri) , l = left hand, r= right hand
so I can can have sequence like lRi + lt + rt + lRi + ri ?
I know it's not fool-proof, & it still suffer from same flaws, but I think it also makes it a way bit harder by
bringing in multiple fingers & sequence.
To think about it it's same like passwords where we have individual/combined set of 26 alphabets (52 if, upper case & lower case), 10 numbers, & symbols. Here it's only 10 fingers & their combination.
4. Use 3rd + PIN ?

Just a thought.

 

[CRandyHill]

uhuznaa[/url]":1wwlz72u]

PeterWimsey[/url]":1wwlz72u]

uhuznaa[/url]":1wwlz72u]
Either, or. Get this right or be modest. Apple has a PR disaster facing it here, no doubt. And all of this wouldn't have been necessary, Apple could have been much more modest with the sensor here. Just use it to expand your max 5 min timeout with a PIN to a few hours and nobody would have complained.

No, they don't have a PR disaster. It is amazing how many people are so disconnected from the real world that they don't understand this. If you tell a normal person - i.e., someone who uses no PIN or just a 4 digit PIN - how the fingerprint scanner can be hacked, their reaction is to be relieved that it's so secure.

The fingerprint sensor being hacked was worth reporting in the main prime-time TV news in Germany. People not knowing (or caring) about any technological background now know (or believe to know) that Apple's most important new feature in the new flagship iPhone already has been hacked and made worthless a couple of days after releasing the phone.

In case you haven't noticed that: The iPhone hype has turned into a "Appel is doomed" hype. In a major german program the conclusion of a review of iOS 7 was "but this won't be enough to save Apple".

Any hype always turns into its opposite after being exhausted and Apple is in THAT stage, believe me. Apple can't afford any bad news. And this IS bad news.

Apple is doomed, to what, counting their ever growing pile of money? Any commentator can offer up any opinion they want on Apples future, but it doesn't make it so. Actual facts are 200M devices upgraded to iOS7 in less than a week, and Apple sold 9M iPhones in a weekend, it's biggest sales ever, and has issued an 8K saying they'll finish the quarter at the top of the range they gave for sales/profits.

In the long run there is nothing Apple can innovate that won't propagate to other devices (or so we hope, barring trollish patent laws). Android has the superior business model for making low cost phones that Apple can never match. But that doesn't mean Apple can't be successful for decades making premium devices in these markets. They might not grow as fast as the market in general, might have bad years, but they can still have the highest margins and the best hardware business because they are solely focused on premium hardware, and their business model is superior to Android or Microsofts (pc model) for providing to that specific segment.

It's worked in tablets, smartphones, laptops, and even PCs. They will regularly stub their toes, and will occassionally make really awful decisions, but 30% hardware profits gives them an enormous margin of safety. As Warren Buffett has said, you want to own a business any fool can run, because sooner or later a fool will run it. I'm not saying Apple's business is easy to run, but if Cook falters for a few years, the board will be able to write a check as big as necessary to get any replacement they need, and the next guy will have a nearly unlimited amount of resources to get it back on track.

 

[Uninterested_Viewer]

The next week or so should be interesting. I absolutely do believe that TouchID can be fooled- but I'm not yet convinced that it's within most people's means to do so. Basically, I'll be interested to see how many people out there can replicate this technique. Frankly, I'm surprised we haven't yet seen any *additional* videos of others being able to do it (or are there already?).

 

[another ars account]

uhuznaa[/url]":14a1sk1x]
In case you haven't noticed that: The iPhone hype has turned into a "Appel is doomed" hype. In a major german program the conclusion of a review of iOS 7 was "but this won't be enough to save Apple".

This whole media situation differs in no material way from "antenna-gate". And the iPhone 4 sold in huge numbers over three full years. With no change to the antenna.

 

[Penforhire]

Something else they should work into the OS for this -- have one or more registered fingerprints cause the phone to jump into PIN-only lockdown. I'm thinking of the law enforcement case (assuming I think such access is an "unreasonable search").

 

[lezmaka]

iljitsch[/url]":3m08soxj]

jeamland[/url]":3m08soxj]I, for one, think it'll be in an update to iOS 7 shortly: ability to require both fingerprint and password. It seems like low-hanging fruit.

No, this is not an option. The reason for that is that finger print identification just isn't reliable enough. A cut, a scrape or a burn will make your finger unreadable. Fingerprint readers are also notoriously failure-prone. So when the day comes the phone can't read your finger, you need to have another way to get in.

At that point you would use the PIN. According to the Anandtech review, you have to setup a PIN in order to use Touch ID. So if your fingers get burned and no longer have fingerprints, you just use your PIN.

 

[ewelch]

kruzes[/url]":1n75yf9m]

ewelch[/url]":1n75yf9m]The author does not give Apple sufficient credit when implying they would not be interested in making two-factor authentication an option. They did with iCloud.

They did for how many countries? Why is two-factor authentication even a country specific thing?

I don't live in "many countries." All I know is where I live, where two factor authentication is encouraged by Apple for iCloud users. Anyone want to give us more than innuendo that Apple does not choose to do it anywhere else for reasons other than local laws? (For example music, movies, books and apps in iTunes varies from country to country because of local laws and media company rules.)

 

[reever]

Why can't they use other fingers, or more than one? Most people don't put thumbs and pinkies on screens

 

[Jet Tredmont]

iljitsch[/url]":keveb5e4]

jeamland[/url]":keveb5e4]I, for one, think it'll be in an update to iOS 7 shortly: ability to require both fingerprint and password. It seems like low-hanging fruit.

No, this is not an option. The reason for that is that finger print identification just isn't reliable enough. A cut, a scrape or a burn will make your finger unreadable. Fingerprint readers are also notoriously failure-prone. So when the day comes the phone can't read your finger, you need to have another way to get in.

What we need is the iWatch where the iPhone automatically locks when it's moved too far from the iWatch and unlocks when it gets back into range.

Single password (not pin): Direct entry.
Pin + Fingerprint: Direct entry
Pin alone: nothing
Fingerprint along: nothing

Throw in a time variable:

less than 1 hour since last entry:

Single password (not pin): Direct entry.
Pin alone: Direct entry
Fingerprint along: Direct entry

The two-factor authentication allows for easier access in this case (Apple's stated goal with TouchID), not for enhanced security over a long high-entropy password.

Also note that we are encouraged to register multiple prints in case of injury. The backup is there in case all registered fingers are unreadable, but it's a backup.

 

[dtidmore]

First off, the timeout period of 1-5 minutes IS STILL THERE, as is IMMEDIATE, which is what I have ALWAYS used along with a complex (ie upper/lower/numbers) passcode of 8 or more characters. Typing in an appropriately complex PIN is the price I am willing to pay for some level of security.

The new fingerprint reader on my iPhone 5S is simply a MORE convenient way of getting back into my phone. Any time my phone goes to sleep or I press the power button, I have to EITHER enter my Passcode or let it read my fingerprint. This is NOT any less secure than what we had before and is a lot more convenient.

The 48 hour limit is the amount of inactivity time (no way to change) that FORCES the user to enter the PIN/Passcode rather than allowing either the PIN/Passcode OR the fingerprint. It does NOT delete your fingerprint information that is stored in the A7 processor, it simply does NOT allow you to use it to unlock your iphone after the 48 hour timeout.

Second the 3D, capacity topology map of the sub epidermal layer is NOT stored as read. The information is passed thru an encryption algorithm (only apple knows the hash algorithm) and a number(s) representing the original information is generated. It is NOT anywhere close to the original information. At 500 ppi there are literally hundreds of thousands of individual capacitance readings and it is unknown if each is encrypted individually (would make it more secure) but Apple did state that the fingerprint is not stored as as read but as an encrypted numeric representation (could be a single number or an array of encrypted numbers).

All this speculation is just that and until someone actually can PROVE, with NO uncertainty, in a manner that is repeatable by others, that the fingerprint reader can be hacked, everything is just plain conjecture.


David

 

[Galatian]

ascendedguard[/url]":3ogy6wig]

Honey Badger[/url]":3ogy6wig]
Any sufficiently determined attacker can crack 4-digit PIN codes as well. All they need to do is stealthily shoulder-surf as you type it in. Touch ID works better against average thieves than a PIN, as a thief needs to spend time taking a high resolution photo of your fingerprint, touching up the photo, getting to a laser printer, applying the latex, and letting the latex film settle. That gives the victim some time to remotely disable their phone from the Find My iPhone app.

Yes, it's true that a thief can perform these steps before stealing the phone, but that's a targeted attack. And with mobile devices, all bets are off in targeted attacks.

On the other hand, they can unlock your phone using TouchID without ever looking over your shoulder or figuring out your password. Your fingerprint is likely all over the screen, so if they want in, they just swipe your device immediately and go to work.

Not necessarily: I keep my iPhone in a pull-out case (I hate cases around such a beautiful product, hence I only use it as a protection when it is in my pocket and when I use the phone I can take it out easily) which has micro fibers inside. The phone get's "cleaned" by simply putting the phone in and out of the case. I suggest that everybody really concerned about TouchID and leaving the "password" right on the phone with your fingerprint should use such a case.

Case in point: my ex used to look up my mails on my iPad TWICE. Ever since he has done that I (reluctantly) added a passcode. I hate to employ an annoying passcode out of jealousy, so I for one am glad TouchID will make my life easier again (well and the fact he is my ex now ;-) ). I have no doubt that if my ex really was anxious to read my mails, he could have gotten into my iPhone/ipad even with either a passcode or TouchID in place. TouchID is just much more convenient for me.

 

[Chuckstar]

reever[/url]":170gs7y2]Why can't they use other fingers, or more than one? Most people don't put thumbs and pinkies on screens

I use my thumb all the time on the screen. Do you never use a smartphone one-handed?

 

[abhi_beckert]

Anyone who wants real security should just set a long password instead of a 4 digit pin. That can't be cracked assuming you never type it in while someone is watching.

Alternatively store your most secure data in a third party app, such as 1password, with it's own proper password.

A four digit pin can be cracked in a few minutes by plugging in a USB cable. No need for perfect photos of a wine glass or trying to video someone as they type it in. Just plug a cable into the dock and you've cracked it.

The only real security option has always been to set a properly long password, which nobody ever does. This is a nice middle ground between a 4 digit pin and a long password.

 

[cyber-monk]

Wouldn't it matter which finger you used to activate the sensor? If you used the middle finger to activate and the index finger on the screen then it may be more difficult to lift a print. Its all an academic exercise. I If someone wants to get into the device and they have the time and money then it can be done.

The ideal scenario of course is that the user is backing up their iPhone to iCloud and once they discover the phone is stolen they would remotely wipe it. Now your data is safe in iCloud and the thieves can only sell the phone for parts.

 

[qchronod]

I'm wondering if it works with the tip of your nose. Don't have a 5S, but it would be more convenient than having to try and remove gloves in the cold (esp when biking and only have one hand free)

 

[abhi_beckert]

Your fingerprint is likely all over the screen, so if they want in, they just swipe your device immediately and go to work.

The screen's oleophobic coating reduces fingerprints enough I highly doubt you could get a good enough photo of a smudge on the screen.

I'm using my iPhone now, and it's warms so my fingertips are a bit sweaty, but the screen only has faint smudges, nothing with any detail.

 

[evan_s]

I think this is interesting but I think a lot remains to be seen. I sure didn't expect it to be impossible to defeat the finger print scanner because as others have pointed out much more expensive and dedicate scanners have all been defeated with enough effort.

Even if you assume there isn't any trickery there are a number of questions that remain.

How high quality does the print need to be?
They had a willing participant trying to provide a good quality print and still had to clean it up with Photoshop. This doesn't bode well for finger prints lifted off random things like a glass or even the phone itself. If a casually lifted print isn't high enough quality for the process to work then this attack gets a lot more difficult.

How long does the process take?
Assuming it is possible to pull this process off with casually lifted print it is still important to know how long it will take. It only has to take long enough for me to notice my phone is missing before it's remote wiped and there is nothing to recover from the phone or even possibly before the phone defaults to requiring a pin/password.

What can apple do to respond?
Can apple tweak the process to detect this type of attack or make it harder to accomplish? To some extent I'm sure it's a balance between detecting fakes and false negatives. Apple could add a setting for the sensitivity altho that is not quite Apples typical process. It could definitely lower timers so that the pin/password is required sooner or make it configurable. Decreasing this even further when it can't connect to their servers to receive a remote wipe would also help eliminate potential attack options. I'm sure there are even other options.

Even after all that there is still the very valid point that many people make that this is still bound to be better than no password or a 4 digit pin. If this is a better trade off between convenience and security it still has a use even if it isn't as secure as some people would like it to be or as secure as they believe Apple made it sound. Sure it would be great if everyone had long secure passwords on their phone but the reality is very few people do that and almost everyone still has tons of important info on their phones even when they have no security at all. I'd bet that most peoples unsecured phone still have email access and that with that you could get access to their bank account(s) as they likely have at least one email from their bank in their mail box and then you are just a forgot username/password away from having access to their account.

 

[nibb]

Its really easy to make it secure to this attacks.

Just enroll your toe finger, it will never leave your prints anywhere as opposed to hand fingers.

 

[pen_sq]

Stop worrying about the "absoluteness" of mathematically perfect security, and think a bit about the business of stealing. The thief that most likely lifted your phone isn't personally interested in getting your information, he just wants to turn the hot potato into money fast. He kinda knows a Russian that'll pay $10 for a dump of the data on the phone, while you're at it. Adding that onto the $50 he gets for a phone is not bad, but it's not worth taking an hour to fuss over.

If somebody's willing to drop a couple thou on a gumshoe to get your phone data, you're screwed. If you don't torch your thumb the moment cops surround your hideout, you're screwed. If you blow a whistle on the president, you're in for a big, knobby, masonry kind of screwed. Failing to solve those problems doesn't invalidate the effort to raise the minimum security level of the broader user base. A perfect solution that's only activated on 10% of phones does diddly to the profitability of any common thief, but a mediocre solution turned on 90% of the time will take the wind out of a lot of barely competent thieves.

 

[AdamChew]

Since some of the posters were saying it is easy to duplicate what CCC did, here you chance to duplicate their feature and then post the video on YouTube to show how easy it is.

BTW saying doesn't make it so, for example how will this James Bond knows which finger I am using to unlock the phone.

It is more believable if CCC use any phone other than their own to create this bypass.

 

[Pubert]

w0nkaw[/url]":1bc8ykee]Given the minority of people that actually do use a passcode only do so with the default 4 digit settings, is this really worse? Let's look at the people who illicitly procure iPhones:

1. (Common) Snooping friends/relatives — probably not much effort needed on their part to simply spy during one of the many times a passcode is entered.
2. (Less Common) Petty thief looking to resell iPhone — might try to unlock, but likely won't invest that much effort into the endeavor before resetting/selling the device.
3. (Least Common) Some nefarious likely anonymous person looking to steal data — Will likely get past a 4 digit pin given time anyhow. Also see #1.

TouchID isn't designed to be the push the echelon in hard-to-break security, but rather to bring more people into an equivalent lowest common denominator.

That said, Apple not including some way to use TouchID in conjunction with a passcode for two-factor authentication is a bit silly.

How about just using two fingers instead of one? I don't have a problem with having to use both my thumb and pinky. It would be just as fast.