Touch ID success

Over the weekend, a group of hackers called the Chaos Computer Club announced that it had managed to bypass Apple’s Touch ID system using the popular ‘fake finger’ method involving a hi-res photograph and pink latex milk.

As you’d expect, the announcement has caused quite a commotion, and has a lot of folks concerned. But according to security expert Marc Rogers, they shouldn’t be. He says the average consumer has nothing to worry about…

Here, Rogers explains how difficult it would be to replicate the hack (via ArsTechnica):

“First you have to obtain a suitable print. A suitable print needs to be unsmudged and be a complete print of the correct finger that unlocks a phone. If you use your thumb to unlock it, the way Apple designed it, then you are looking for the finger which is least likely to leave a decent print on the iPhone.

Next you have to “lift” the print. This is the realm of CSI. You need to develop the print using one of several techniques involving the fumes from cyanoacrylate (“super glue”) and a suitable fingerprint powder before carefully (and patiently) lifting the print using fingerprint tape.”

And even after all of this, all a thief would have thus far is a slightly smudged print on a white card. They’d still have to create the fake fingerprint, which is, according to Rogers, the hardest part, requiring the most skill and materials.

He sums it up by saying that the whole thing is still in the realm of a “John le Carré novel,” meaning it’s nothing that your average thief would be able to do. And don’t forget, Touch ID times out after 5 rejected fingerprint attempts.

  • nick

    Glad something with some authority on the topic has chimed in…

    The average person (99% of the population) that will find your phone should you lose it will not be able to get into your phone. They have a better chance of figuring out your passcode than attempting to duplicate your fingerprint.

    The amount of extra security this adds is amazing for a personal handheld. Of course there will always be ways around security measures, but as we now have seen, the average person will not be able to get into your phone.

    • TesticularFortitude

      You know how difficult it would be to lift prints from a phone? Then hope you have the right print after you’ve gone through the task of copying it? Or hopefully there’s a readable print on the device. And once you’ve entered enough wrong prints, it requires a pass code.

      On my iPhone 5s, you get four tries then it asks for a pass code.

      Put me in the category of the unconcerned.

      • Jonathan

        Can you do me a favor then? I’m curious what happens. Go into Touch ID settings, and turn off the option to display passcode as well so you have a choice to enter the code or use your finger.
        Once that’s off, use your finger and fail 4 times. Does it bring the code up or does it lock you out for a minute?

      • TesticularFortitude

        You can’t have Touch ID on without pass code enabled if that’s what you’re asking.

  • Chris Wagers

    I could have sworn someone (on a blog or website) before this hack said it had to be a finger attached to a live human.

    • FFF84

      I think that was in iDownloadBlog.
      But they are using a photo of the fingerprint with another finger, which is “attached” to someone’s body. So it still must be attached.

      • Chris Wagers

        Thank you!

      • FFF84

        but it is still scary because not your finger is the one that must be attached :). so in some way you are right.

    • Rowan09

      That’s what Tim Cook said I believe when it was being introduced, obviously they were wrong.

  • Sif

    The guy that hacked it won $20000.

    • Jo

      yeah.

  • U Kn0w What 1t 1s

    I’m not worried about my fingerprint being hacked, I’m worried about the M7 motion chip which is always on and tracks your every move. What people don’t realize is that anyone with a 5s can be tracked. All the NSA needs to do is ask Apple for a back door or serve them with papers to obtain that info and any person with a 5s can be found.
    Even though the 64 bit processor is a huge selling point for me, I won’t upgrade until the motion tracking becomes an optional application. Anyone with this phone should seriously reconsider what you have just bought.

    • Rahnold

      You can simply disable motion tracking if you are worried about ‘Big Brother’. If you are that concerned then you would also likely never want to leave your phone connected to your carrier network either! Your location is captured from that as well and can be accurately translated into a log of your every move. Sure this will give them more analytical data but .. SSDD. The problem is not the phone, or its software.

      • U Kn0w What 1t 1s

        The M7 never turns off, it is always tracking. And I never have my location services on unless I’m using my gps.

      • Tikimaker

        What are you doing that you are so worried about being tracked? The average citizen has nothing to hide.

      • Chris Holden

        exactly what i was gonna say lol ”oh noes! the NSA the fbi!!! the CIA! THEYRE GONNA GET ME!! FU APPLE NO THANKS!!” Btch please get over urself no one cares what u do

      • Antzboogie

        So you’re cool with being searched for no reason? Lol you must be a communist control the internet too right? Yeah right!

      • Tikimaker

        My basic Internet use will not send up a red flag to where a government agency would need to track my iPhone.

        Hell I got a hand slap from my Internet provider for downloading torrents. So no matter what big brother has access to what you do unless you stop using the Internet and that is the way it is. So you don’t have a Facebook account? Because Facebook has more of your personal information than you really want to think about.

      • mehrab

        You’re a pedophile/drug dealer/just over reacting toooo much

      • Rowan09

        Why do you own a smartphone if you are so worried about the NSA? It’s inevitable, you can’t run away from the government that easy.

    • TesticularFortitude

      Haha… Oh lord.

    • Farbod

      why is everyone so concerned with the NSA? what are you people doing? making meth? as long as you’re just a normal guy not doing anything illegal the NSA should not be a worry.

      • U Kn0w What 1t 1s

        Anyone who cares about their privacy or owns a firearm should be worried. For the rest of you sheep, not isheep, but sheep of America, don’t worry, be tracked.

      • Rowan09

        Once you have a smartphone you can be tracked so all this is irrelevant. I’m against big brother and anything with too much government involvement but come on it’s not that serious.

      • On

        Lol even if you have a Nokia 3310 your location can still be triangulated since you need signals to receive phone and make phone calls.

      • Kaptivator

        I own firearms and I’m not worried. I also don’t purchase them from dealers, gun shows or online.

  • Matthew

    Also one more reason why people shouldn’t be worried about this. Touch ID disables after 48 hours if the device hasn’t been unlocked. For it to be reenabled the pass code must be entered.

    • smtp25

      yeah but if the person keeps using your fake print it won’t timeout

      • Matthew

        And how long do you think it will take to make the print

      • TesticularFortitude

        Forever!

      • smtp25

        yeah but that wasn’t your One more reason (which was timeout)

        Obviously for 99.999999% of people it is sufficient security because no one is going to the effort and expense to see your selfie pics or make some toll calls

      • Rowan09

        So we have experts running around stealing people’s phones and making fake fingerprints? If someone’s information is that important you can also use a pass code with the touch ID so this wouldn’t be an issue.

      • Byron C Mayes

        Actually, you have no choice. You have to use a pass code with Touch ID. So there’s that.

      • smtp25

        Nope of course not, just the timeout itself doesn’t provide extra protection if you never let it idle IF someone went to the extreme effort of getting your finger prints

      • Rowan09

        Instead of someone getting access to your phone somehow without you knowing and make your fingerprint to unlock your phone before you use find my iPhone to wipe the phone they would probably just pull a gun out and ask for the phone. Touch ID is a convenient feature and it needs the password as well so it’s added security. If Anonymous hacked in so many different government sites like the CIA, FBI, etc it’s possible to hack any electronic device made.

  • @dongiuj

    “This is the realm of CSI” which hackers managed to do.

    • Byron C Mayes

      Those guys aren’t going to be the ones stealing your hardware. If anything, they’re hacking the network and stealing all of your precious baby pics and cat memes over the air. The “snatch and run” teenage kid on the subway will just be selling the phone for cash. Or he’ll just throw it away if he can’t get it to work.

  • Kevin Guzman

    I actually said this before, but I guess it seems suitable to post it on here as well. The NSA does not care about what you do, stop being so big-headed. They will obviously tap into certain people’s phones, but I’m pretty sure about 98% of the people on iDownloadblog are not important, myself included. Get over yourselves and don’t make this a reason not to upgrade to the iPhone 5s – it’s an amazing device. Also, if you’re so terrified about being tracked by “The Government”, just turn the tracking features off. If you’re still worried about being tracked, get rid of your phone now… because they’re tracking you as you read this through your cell network. You know, the thing that allows you to make calls.

    • Chris Holden

      well said

      • smtp25

        Have you heard of Big Data? Do a Google.

        If the government wants to push a particular agenda they can leverage the combined information from PRISM, government records, etc. to better target people. You may not be doing anything wrong but the more information that is out there that is mined will normally work against your best interests not for it.

  • Ghost

    By now most iPhone 5s users have already tried the magic fingerprint hack lol

  • Jonathan

    I ain’t average. 🙂
    Now excuse me while I go find out my friend’s security number…