Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

iPhone fingerprint scanner broken by Chaos

The new biometric security 'feature' if the Apple iPhone has already been breached using a simple photograph & common everyday items.

It took members of the renowned Chaos Computer Club the blink of an eye to defeat the iPhone 5s secured with TouchID.

Here is a short video. http://www.youtube.com/watch?v=HM8b8d8kSNQ

Bumometrics. You may as well send a photo of your ass, it is probably more 'secure'..

p.s. For obvious reasons I can't post my own bumometrics photo here but you can see a photo of my cute little one here... http://twitpic.com/b52u2g/full

4838

Channels

Security

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (7)

A Finextra member
A Finextra member 22 September, 2013, 23:33Be the first to give this comment the thumbs up 0 likes Biometrics on iPhone was implemented mainly (as Step 1) for convenience, rather than military-grade security. PIN can be broken too, on iPhone or EMV card, with a sharp knife (held to throat), so what?..
Report abuse
A Finextra member
A Finextra member 22 September, 2013, 23:41Be the first to give this comment the thumbs up 0 likes

"as Step 1) for convenience" <I wonder just how many 'steps' are planned for this 'convenience'.

as for not being 'military-grade security' <I wonder what grade of security it is supposed to be, 'kindy grade'?

The 'kindy grade' security 'smartphone'. Step 1 in Apple's post-Jobs smartphone dominance.

Fair call Alexander?

Report abuse
A Finextra member
A Finextra member 22 September, 2013, 23:51Be the first to give this comment the thumbs up 0 likes If someone is after a clean photo of your fingerprint (to be made with 2400 dpi resolution) to access your phone without your knowledge, then rest assured that you have bigger problems than having your bumometrics photos exposed :) Also, PIN can be broken via shoulder-surfing, if we are talking covert here. People still find PINs of use. Perhaps because 99% of them don't store anything on their phones that would be worth the hassle. Those who do, well, that's another story...
Report abuse
A Finextra member
A Finextra member 23 September, 2013, 09:03Be the first to give this comment the thumbs up 0 likes

I don't know much about photography & printing but, for instance, the Canon PIXMA printers can print resolutions as high as 9600x2400 dpi. A 16 megapixel photo of a fingerprint on a glass taken with a macro lens....


...but I do assume some people are using their phones for payments or trading... isn't that 'worth the hassle'?

Obviously the iphone fingerprint thingy is a 'convenience' feature more than a 'security' feature. It doesn't solve the issue with mobile phones for even vaguely secure or private transactions.

Report abuse
A Finextra member
A Finextra member 23 September, 2013, 09:14Be the first to give this comment the thumbs up 0 likes Why bother with fingerprint "cloning" if you can go after the leather wallet?.. Where iPhone is used for trading, how do you exploit that?
Report abuse
A Finextra member
A Finextra member 24 September, 2013, 06:53Be the first to give this comment the thumbs up 0 likes

Re dealing on insecure mobiles, I only imagine that larger sums might be available for 'extraction'.

 

Cnet has published onfirmation Chaos Computer Club member Starbug's hack of the iphone 5s.

They don't show the bit with the printing onto the latex painted onto a sheet... but you get the idea.

Report abuse
A Finextra member
A Finextra member 29 September, 2013, 14:13Be the first to give this comment the thumbs up 0 likes

Apparently all you need to fool the iphone fingerprint is a gang of friend's fingers instead.

Watch this Iranian video

Report abuse
Join the discussion
Blog group founder

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all
Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more