Blog article
See all stories »

iPhone fingerprint scanner broken by Chaos

The new biometric security 'feature' if the Apple iPhone has already been breached using a simple photograph & common everyday items.

It took members of the renowned Chaos Computer Club the blink of an eye to defeat the iPhone 5s secured with TouchID.

Here is a short video. http://www.youtube.com/watch?v=HM8b8d8kSNQ

Bumometrics. You may as well send a photo of your ass, it is probably more 'secure'..

p.s. For obvious reasons I can't post my own bumometrics photo here but you can see a photo of my cute little one here... http://twitpic.com/b52u2g/full

Comments: (7)

A Finextra member
A Finextra member 22 September, 2013, 23:33Be the first to give this comment the thumbs up 0 likes Biometrics on iPhone was implemented mainly (as Step 1) for convenience, rather than military-grade security. PIN can be broken too, on iPhone or EMV card, with a sharp knife (held to throat), so what?..
A Finextra member
A Finextra member 22 September, 2013, 23:41Be the first to give this comment the thumbs up 0 likes

"as Step 1) for convenience" <I wonder just how many 'steps' are planned for this 'convenience'.

as for not being 'military-grade security' <I wonder what grade of security it is supposed to be, 'kindy grade'?

The 'kindy grade' security 'smartphone'. Step 1 in Apple's post-Jobs smartphone dominance.

Fair call Alexander?

A Finextra member
A Finextra member 22 September, 2013, 23:51Be the first to give this comment the thumbs up 0 likes If someone is after a clean photo of your fingerprint (to be made with 2400 dpi resolution) to access your phone without your knowledge, then rest assured that you have bigger problems than having your bumometrics photos exposed :) Also, PIN can be broken via shoulder-surfing, if we are talking covert here. People still find PINs of use. Perhaps because 99% of them don't store anything on their phones that would be worth the hassle. Those who do, well, that's another story...
A Finextra member
A Finextra member 23 September, 2013, 09:03Be the first to give this comment the thumbs up 0 likes

I don't know much about photography & printing but, for instance, the Canon PIXMA printers can print resolutions as high as 9600x2400 dpi. A 16 megapixel photo of a fingerprint on a glass taken with a macro lens....


...but I do assume some people are using their phones for payments or trading... isn't that 'worth the hassle'?

Obviously the iphone fingerprint thingy is a 'convenience' feature more than a 'security' feature. It doesn't solve the issue with mobile phones for even vaguely secure or private transactions.

A Finextra member
A Finextra member 23 September, 2013, 09:14Be the first to give this comment the thumbs up 0 likes Why bother with fingerprint "cloning" if you can go after the leather wallet?.. Where iPhone is used for trading, how do you exploit that?
A Finextra member
A Finextra member 24 September, 2013, 06:53Be the first to give this comment the thumbs up 0 likes

Re dealing on insecure mobiles, I only imagine that larger sums might be available for 'extraction'.

 

Cnet has published onfirmation Chaos Computer Club member Starbug's hack of the iphone 5s.

They don't show the bit with the printing onto the latex painted onto a sheet... but you get the idea.

A Finextra member
A Finextra member 29 September, 2013, 14:13Be the first to give this comment the thumbs up 0 likes

Apparently all you need to fool the iphone fingerprint is a gang of friend's fingers instead.

Watch this Iranian video

Retired Member

Member since

19 Mar

Location

Blog posts

3,703

Comments

4,683

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all