More details, new video showing Iphone fingerprint reader pwned by Chaos Computer Club


#1

[Permalink]


#2

What I think people are missing is that a phone with this id enabled could be cracked, I think with out warrant, if you are arrested and fingerprinted by the authorities. Except for the protection of "innocent until proved guilty" The authorities could read your email, contact list, browsing history. For my part Ill stick to the number pad.


#3

Starbug didnt hack iPhone's fingerprint option. He tricked it. Cause, sculpting a finger print is not hacking.


#4

And I dont know why Apple is calling it Fingerprint detection. It's more like texture detection


#5

Does anybody know what method they used to make the mask? It looked like a light box of some type. I would like to take up brass etching again but I have failed in finding a reliable mask printing method.


#6

I don't think tricking something is inconsistent with hacking it - quite the opposite, actually.


#7

Whatever.
It's still a ridiculously involved process. CCC get some geek cred, and Cory gets his weekly Apple-GRAR on, but I don't see this being any sort of valid thread to the general consumer.

Half of iPhone users don't set any security at all. Their primary reason for not doing so is that entering a PIN several times a day is annoying. This works at least as well as setting a PIN and takes a fraction of the time to use, plus there's a bit of entertainment/novelty value. If it drives a higher number of consumers to actually start using some form of security, more's the better.


#8

It is totally hacking, by any reasonable definition of hacking. (Of course, it's not news-media hacking, but most of that /isn't/ hacking by any reasonable definition thereof, so yeah)


#9

Yes, what this really prevents is people screwing around with others phones. Apple may be solving a problem they have had complaints about that has nothing to do with international spy rings, but something simpler and more homely like, "Please help me keep my spouse from spying on me. Or,"How do I keep co-workers from screwing up my farmville when I am not looking."


#10

The new system has me terrified that someone will chop off my finger to get into my phone. That's why I trained it to identify my scrotum. What could possibly go wrong?


#11

I wouldn't think of this as a huge security bombshell or a claim of a new exploit. It's just a bit of consumer education. The CCC is not a wannabe Anonymous waging any kind of war on Apple. They are more or less a consumer education and civil liberties advocacy organization - and one that does a lot of good work. They are showing people what the feature does and what it doesn't do. I agree that there are legitimate uses for this technology despite its limitations. However I am also sure that many people would overestimate its security.


#12

If one could set the phone up so that it required both the fingerprint and a PIN, the system would be much more secure. It shouldn't be a terribly difficult thing to enable either. It'd put it as a feature to be implemented in the first iteration of the new iOS.


#13

And I would totally cut off somebody's testicle to see what they on their iTunes! We're like an O'Henry story, but with fewer presents and more mutilation!


#14

alternative downloads:
ogg: http://lix.cc/video/Starbug-EiF00nHack-Ct.ogv
webm: http://lix.cc/video/Starbug-EiF00nHack-Ct.webm


#15

Meh. They "pwned" the 5s in the same manner one would trick any consumer fingerprint reader. There's nothing special about the 5s that made it more vulnerable than, say, a Motorola Atrix. So all the "Apple! Grrrrr!" brouhaha is a little disingenuous...


#16

pocket calls.


#17

"Are you listening? Because this is literally my dick in your ear!"


#18

Yeah but look who posted this...


#19

Weird how when the new iPhone was announced, they claimed the fingerprint reader was more advanced than previous fingerprint readers so it wouldn't be hacked by the same methods. But now that it's been easily hacked, Apple fans have decided that it doesn't matter.


#20

This same method, and some slightly simpler ones, work on "high security" finger print scanners used to secure buildings. It would be quite surprising if the iPhone finger print scanner was a lot more secure than scanners that cost more than the entire phone. Myth-busters beat expensive finger print scanners and were surprised how easy it was.