Pelican Parts Forums - View Single Post

techweenie · techweenie's Garage

Quote:

Originally Posted by enzo1

“The venerable Chaos Computer Club hacker collective claims to have bypassed Apple’s much-vaunted TouchID biometric security mechanism, as used in the new iPhone 5s,” David Meyer reports for GigaOM.
“This isn’t a hardcore technological hack so much as a good old-fashioned fake fingerprint technique. You find the iPhone owner’s print somewhere (the device itself may carry a few on its glossy surfaces), put some powder on it to make it more visible, then photograph or scan it at high resolution. Clean up the reversed image, print it at high resolution using thick ink, then use that to make a thin latex dummy, which you can put on your finger and use to unlock the iPhone,” Meyer reports. “CCC spokesman Dirk Engling suggested that Apple may have allowed the flaw when trying to balance security and ease of use. ‘In the end you have to shift the balance to more comfort, and that’s apparently what Apple did,’ he said. ‘Out in the field, people would have problems unlocking their iPhones if they were to be too strict. This is a basic problem of biometrics.’”

“If it’s pickpocketing you’re worried about, then bear in mind that your iPhone is probably covered in your fingerprints. That said, making a fake print of the quality we’re talking about here is not trivial and it also takes a while, making it likely that the owner would just remotely wipe the device before anything can be accessed,” Meyer reports. “If it’s muggers or overzealous law enforcement or border agents that you’re thinking about, then this ‘hack’ doesn’t make a blind bit of difference. Merely having a biometric access mechanism makes it possible to grab your hand and use it to unlock the phone… The only real worry here relates to a more targeted attack, perhaps by a private investigator who’s after some juicy corporate secrets.”

Since it requires 1. physical possession of the phone and 2. that the owner chose to use this optional locking feature and 3. a print of whichever specific finger or thumb used on the scanner (user's choice), that presupposes a lot of "ifs." Someone noted this week that a toe can be used as well, BTW.