Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   Bypassing the iPhone 5s fingerprint security was "no challenge at all," according to the hacker with a clean copy of the fingerprint, 2400dpi scanner, silicone 3d printer, and no life   (arstechnica.com) divider line 60
    More: Followup, Touch ID, PCB, facial recognition technology, fingerprints, RSA, iPhone, copying, personal device  
•       •       •

892 clicks; posted to Geek » on 25 Sep 2013 at 10:02 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



60 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2013-09-25 10:08:05 AM  
Sure, just about any fingerprint identification software/hardware can be bypassed the same way. But I don't think the suspicious girlfriend/boyfriend will be able to go through all of THAT, and I doubt the average thug who jacks your purse is going to be able to go through all of that too. So, all in all, I think it is still a win for Apple.
 
2013-09-25 10:20:59 AM  
You say 2400dpi scanner like that's a hard thing to come by.

And you don't really need a 3d printer.  And your fingerprints are everywhere.

I'm not saying that somebody would do that to get into your phone; frankly, you're probably not that interesting.  But it's not all that far-fetched.
 
2013-09-25 10:23:11 AM  
It's like if the Oceans 11 team decided to shoplift a lipstick from K-Mart.
 
2013-09-25 10:29:32 AM  

whosits_112: Sure, just about any fingerprint identification software/hardware can be bypassed the same way. But I don't think the suspicious girlfriend/boyfriend will be able to go through all of THAT, and I doubt the average thug who jacks your purse is going to be able to go through all of that too. So, all in all, I think it is still a win for Apple.


And when more companies start putting biometric whatsits on every damn thing, because if it's a "win" for Apple it must surely be the same for everyone else, too?

You know how any decent security nerd will tell you that you shouldn't use the same password for everything?

At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.
 
vpb [TotalFark]
2013-09-25 10:31:56 AM  
There is no such thing as perfect security and there probably never will be.
It's not like locks couldn't be picked.
 
2013-09-25 10:33:35 AM  

China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.


I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.
 
2013-09-25 10:33:42 AM  
imgs.xkcd.com
 
2013-09-25 10:39:00 AM  

Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.


Many orders of magnitude easier than cracking a properly implemented strong password.
 
2013-09-25 10:41:42 AM  

vpb: There is no such thing as perfect security and there probably never will be.
It's not like locks couldn't be picked.


this.

/Apple releases a new security feature in one product line and suddenly every gadget freak who lives with his mom is a security expert
 
2013-09-25 10:43:09 AM  

China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.


You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.
 
2013-09-25 10:44:28 AM  
silicon 3d printer?  Hmm... the possibilities....
 
2013-09-25 10:47:30 AM  

cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.


I can follow you around all of five minutes, call your phone, or create an event that causes you to unlock your phone and visually verify what finger you use.

Then I get your car door, coffee, cup, or even pretend to be a delivery boy and dust your homes door knob.  A few hours tops.
 
2013-09-25 10:50:58 AM  

cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.


Nah, I just need to get that Starbucks cup you threw away this morning.
 
2013-09-25 10:53:50 AM  

cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.


You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

...yeah, if you're hacking an agoraphobic, maybe.  The same group of hackers published some German officials fingerprints a few years back.  Pretty sure they didn't break into the guy's house, conclusively demonstrating that your "pretty much necessary" condition is utter bullshiat.
 
2013-09-25 10:58:45 AM  

HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.


Good thing I drink with my right hand and use my left hand for fingerprint security
 
2013-09-25 11:09:02 AM  

cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.


Assume for a moment that neither method is hackable, and both methods are perfectly secure.

If a court can't prove you remember your password, then you can't be legally obligated to un-encrypt your device.  Good luck trying that on a device encrypted with your fingerprint.  Police are already allowed to take your fingerprints, and one could (and will probably soon) make the argument that since they already have your fingerprints, then there's no law protecting your data encrypted with it.

In fact, a more entrepreneurial type could set up a business just decrypting fingerprint devices using fingerprints scanned by police forces.  Send in the device and the scanned fingerprints, and a week later get the device, and a thumb drive containing all the unencrypted data.
 
2013-09-25 11:15:33 AM  

Jamik137: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

Good thing I drink with my right hand and use my left hand for fingerprint security


And good thing the only thing you touch in the course of your day is with your right hand right?
 
2013-09-25 11:15:35 AM  

Jamik137: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

Good thing I drink with my right hand and use my left hand for fingerprint security


Good thing you only type with one hand, too.
 
2013-09-25 11:23:00 AM  

HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.


you're going to lift a fingerprint from a starbucks cup? Tell me, how easy is it to lift fingerprints from paper?
 
2013-09-25 11:24:28 AM  

browser_snake: Jamik137: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

Good thing I drink with my right hand and use my left hand for fingerprint security

Good thing you only type with one hand, too.


Good luck getting into my office and/or house to lift a fingerprint off my keyboard. Seriously, do you guys think that run-of-the-mill phone thieves are going to bother with all this Oceans Eleven stuff just to sell a phone for $600? One which, by the way, they can't wipe or activate?
 
2013-09-25 11:25:25 AM  
How much is a shiny aluminum brick worth on the black market?
 
2013-09-25 11:30:42 AM  

theflatline: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

I can follow you around all of five minutes, call your phone, or create an event that causes you to unlock your phone and visually verify what finger you use.

Then I get your car door, coffee, cup, or even pretend to be a delivery boy and dust your homes door knob.  A few hours tops.


You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.
 
2013-09-25 11:36:30 AM  

fo_sho!: theflatline: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

I can follow you around all of five minutes, call your phone, or create an event that causes you to unlock your phone and visually verify what finger you use.

Then I get your car door, coffee, cup, or even pretend to be a delivery boy and dust your homes door knob.  A few hours tops.

You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.


Old scam too, in 1996 I was in the Marriot Marquis in Manhattan at the bar, and went to use a payphone and I keyed in my phone card card, and about three weeks later i got 2000$ bill for calls to nigeria.  The police later caught the guy  in the same bar with a video camera.

The only real thing that Apple is doing with security now is not the scanner, is that before an iphone can be sold, traded, used on another number is that the owner must remove the phone from being linked to their apple id, then completely reset and erase all content on the phone, then the new user of that particular phone can then get it activated.

Of course it will be a pain in the ass to carriers and in my case as a tech manager, i will get the angry users pissing and moaning about why do they have to go through all this just to pass their phone down to their kid.
 
2013-09-25 11:39:44 AM  

gingerjet: Apple releases a new security feature in one product line and suddenly every gadget freak who lives with his mom is a security expert


Meanwhile, back at an actual biometric security expert...

First you have to obtain a suitable print. A suitable print needs to be unsmudged and be a complete print of the correct finger that unlocks a phone. If you use your thumb to unlock it, the way Apple designed it, then you are looking for the finger which is least likely to leave a decent print on the iPhone. Try it yourself. Hold an iPhone in your hand and try the various positions that you would use the phone in. You will notice that the thumb doesn't often come into full contact with the phone and when it does it's usually in motion. This means they tend to be smudged. So in order to "hack" your phone a thief would have to work out which finger is correct AND lift a good clean print of the correct finger.

Next you have to "lift" the print. This is the realm of CSI. You need to develop the print using one of several techniques involving the fumes from cyanoacrylate ("super glue") and a suitable fingerprint powder before carefully (and patiently) lifting the print using fingerprint tape. It is not easy. Even with a well-defined print, it is easy to smudge the result, and you only get one shot at this: lifting the print destroys the original.

So now what? If you got this far, the chances are you have a slightly smudged print stuck to a white card. Can you use this to unlock the phone? This used to work on some of the older readers, but not for many years now, and certainly not with this device. To crack this control you will need to create an actual fake fingerprint.

Creating the fake fingerprint is arguably the hardest part and by no means "easy." It is a lengthy process that takes several hours and uses over a thousand dollars worth of equipment including a high resolution camera and laser printer. First of all, you have to photograph the print, remembering to preserve scale, maintain adequate resolution and ensure you don't skew or distort the print. Next, you have to edit the print and clean up as much of the smudging as possible. Once complete, you have two options:

The CCC method. Invert the print in software, and print it out onto transparency film using a laser printer set to maximum toner density. Then smear glue and glycerol on the ink side of the print and leave it to cure. Once dried you have a thin layer of rubbery dried glue that serves as your fake print.

I used a technique demonstrated by Tsutomu Matsumoto in his 2002 paper "The Impact of Artificial "Gummy" Fingers on Fingerprint Systems". In this technique, you take the cleaned print image and without inverting it, print it to transparency film. Next, you take the transparency film and use it to expose some thick copper clad photosensitive PCB board that's commonly used in amateur electrical projects. After developing the image on the PCB using special chemicals, you put the PCB through a process called "etching" which washes away all of the exposed copper leaving behind a fingerprint mold. Smear glue over this and when it dries, you have a fake fingerprint.

So what do we learn from all this?

Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don't forget you only get five attempts before TouchID rejects all fingerprints requiring a PIN code to unlock it. However, let's be clear, TouchID is unlikely to withstand a targeted attack. A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn't a threat that many of us face.

TouchID is not a "strong" security control. It is a "convenient" security control. Today just over 50 percent of users have a PIN on their smartphones at all, and the number one reason people give for not using the PIN is that it's inconvenient. TouchID is strong enough to protect users from casual or opportunistic attackers (with one concern I will cover later on) and it is substantially better than nothing.


So what are the chances someone you know has the skills, can figure out the correct fingerprint to use, and can go through a very complicated process quickly enough that the fingerprint reader doesn't automatically deactivated in favor of a PIN code, and then can get the fake print read (despite the fact that they aren't sure which print is correct) within the five tries allowed, before the reader disables itself in favor of a PIN code?
 
2013-09-25 11:39:46 AM  

fo_sho!: You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.


Okay, and tell me how the run-of-the mill phone thief is going to pull this off?
 
2013-09-25 11:46:32 AM  

cameroncrazy1984: fo_sho!: You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.

Okay, and tell me how the run-of-the mill phone thief is going to pull this off?


I'm not saying they would. I'm arguing that spoofing a fingerprint scanner is way beyond the abilities of a thief, especially when compared to stealing a lock code. Which, I agree, is way beyond the average thief.
 
2013-09-25 11:49:45 AM  

fo_sho!: cameroncrazy1984: fo_sho!: You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.

Okay, and tell me how the run-of-the mill phone thief is going to pull this off?

I'm not saying they would. I'm arguing that spoofing a fingerprint scanner is way beyond the abilities of a thief, especially when compared to stealing a lock code. Which, I agree, is way beyond the average thief.


So then if I never unlock my phone with a passcode then what would be the problem?
 
2013-09-25 11:50:40 AM  
If someone really wants to get into your phone, your computer, your house...I mean really wants to...they're going to.

Locking your door, comp, or phone will dissuade 99% of the people you're likely to encounter from trying to break in. Unless you're an international spy, I wouldn't worry too much about someone out there being able to bypass your finger print security on your phone.
 
2013-09-25 11:57:20 AM  

cameroncrazy1984: fo_sho!: cameroncrazy1984: fo_sho!: You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.

Okay, and tell me how the run-of-the mill phone thief is going to pull this off?

I'm not saying they would. I'm arguing that spoofing a fingerprint scanner is way beyond the abilities of a thief, especially when compared to stealing a lock code. Which, I agree, is way beyond the average thief.

So then if I never unlock my phone with a passcode then what would be the problem?


Well then the problem is that if you lose your phone then all the data on it is immediately available to anyone that finds it.

Not sure why you're asking this.
 
2013-09-25 12:06:38 PM  
A 4 digit password is also terrible security... provided it's not set to wipe after 10 attempts, anyone with two neurons to rub together could crack is in 30 minutes, tops. 

0001... Damn. 0002... Damn.
 
2013-09-25 12:08:09 PM  
I hacked the iPhone 5S in like 30 seconds. Here are my steps:

1) "Wow! Lemme see your new iPhone!"
2) Lock iPhone and scan your fingerprint a bunch until it asks for a password.
3) "Dude, it's asking for a password."
4) Watch them enter the password.
5) Register your own fingerprint in the settings.

5 easy steps and no extra equipment required.
 
2013-09-25 12:15:26 PM  

Nayman: A 4 digit password is also terrible security... provided it's not set to wipe after 10 attempts, anyone with two neurons to rub together could crack is in 30 minutes, tops.


Or, not.
 
2013-09-25 12:20:01 PM  

fo_sho!: cameroncrazy1984: fo_sho!: cameroncrazy1984: fo_sho!: You can also call someone, then video them unlocking the phone with a password. It's easier to do that than reverse engineering a fingerprint. Especially if you have an iphone 5 with the slo mo video.

As someone who has done a lot of work on iris recognition devices I'm getting a kick out of this.

Okay, and tell me how the run-of-the mill phone thief is going to pull this off?

I'm not saying they would. I'm arguing that spoofing a fingerprint scanner is way beyond the abilities of a thief, especially when compared to stealing a lock code. Which, I agree, is way beyond the average thief.

So then if I never unlock my phone with a passcode then what would be the problem?

Well then the problem is that if you lose your phone then all the data on it is immediately available to anyone that finds it.

Not sure why you're asking this.


No, like, I unlock it with the fingerprint sensor instead.
 
2013-09-25 12:20:45 PM  
Hell, it should be a snap for any typical meth addict who happens to steal your phone.
 
2013-09-25 12:28:59 PM  

whosits_112: Sure, just about any fingerprint identification software/hardware can be bypassed the same way. But I don't think the suspicious girlfriend/boyfriend will be able to go through all of THAT, and I doubt the average thug who jacks your purse is going to be able to go through all of that too. So, all in all, I think it is still a win for Apple.


Not exactly a win if corporations, governments and military forbid their staff from using iPhones, because while a regular run-of-the-mill thief wouldn't go  to those lengths, it's highly likely anyone snooping on any of the above three would.
 
2013-09-25 12:36:41 PM  

cameroncrazy1984: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

you're going to lift a fingerprint from a starbucks cup? Tell me, how easy is it to lift fingerprints from paper?


rollingout.comWhat paper may look like.
 
2013-09-25 12:38:03 PM  

cameroncrazy1984: browser_snake: Jamik137: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

Good thing I drink with my right hand and use my left hand for fingerprint security

Good thing you only type with one hand, too.

Good luck getting into my office and/or house to lift a fingerprint off my keyboard. Seriously, do you guys think that run-of-the-mill phone thieves are going to bother with all this Oceans Eleven stuff just to sell a phone for $600? One which, by the way, they can't wipe or activate?


And a simple password is enough to keep those same thieves out.
 
2013-09-25 12:57:07 PM  

HeartBurnKid: cameroncrazy1984: browser_snake: Jamik137: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

Good thing I drink with my right hand and use my left hand for fingerprint security

Good thing you only type with one hand, too.

Good luck getting into my office and/or house to lift a fingerprint off my keyboard. Seriously, do you guys think that run-of-the-mill phone thieves are going to bother with all this Oceans Eleven stuff just to sell a phone for $600? One which, by the way, they can't wipe or activate?

And a simple password is enough to keep those same thieves out.


Sure, and now I have 3 layers of security on my phone. I have my Apple ID which is required to wipe or reactivate the phone, I have the passcode which can be anywhere from 4-6 digits and I have my fingerprint. So, not only is it more secure from the most likely thieves, it's convenient for me since I only have to touch the phone to unlock it.
 
2013-09-25 01:09:05 PM  
Hi, my name is Werner Brandis.  My voice is my passport.  Verify me.
 
2013-09-25 01:11:40 PM  
The equipment is relatively cheap considering the high reward. A couple of grand worth of equipment and you can make back your money by cracking only a couple of phones.
 
2013-09-25 01:15:27 PM  

China White Tea: whosits_112: Sure, just about any fingerprint identification software/hardware can be bypassed the same way. But I don't think the suspicious girlfriend/boyfriend will be able to go through all of THAT, and I doubt the average thug who jacks your purse is going to be able to go through all of that too. So, all in all, I think it is still a win for Apple.

And when more companies start putting biometric whatsits on every damn thing, because if it's a "win" for Apple it must surely be the same for everyone else, too?

You know how any decent security nerd will tell you that you shouldn't use the same password for everything?

At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.


Well, you could use nipple prints, apparently. I'm pretty sure that I'm not leaving my nipple prints everywhere. At least I hope I'm not.
 
2013-09-25 01:33:55 PM  

Russ1642: The equipment is relatively cheap considering the high reward. A couple of grand worth of equipment and you can make back your money by cracking only a couple of phones.


That you can't then reactivate. How do you make your money back on a brick?
 
2013-09-25 01:37:29 PM  
Or just wait until they fall asleep and scan their finger?
 
2013-09-25 01:42:54 PM  

Nayman: A 4 digit password is also terrible security... provided it's not set to wipe after 10 attempts, anyone with two neurons to rub together could crack is in 30 minutes, tops. 

0001... Damn. 0002... Damn.


HAHA! You will never get mine of 0000.
 
2013-09-25 02:07:59 PM  

HeartBurnKid: cameroncrazy1984: HeartBurnKid: cameroncrazy1984: China White Tea: Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.

Many orders of magnitude easier than cracking a properly implemented strong password.

You're kidding, right? You don't have to break into someone's house to break a password. You pretty much have to in order to get a clean fingerprint. especially if the person used a different finger for the touch ID than for using the phone.

Nah, I just need to get that Starbucks cup you threw away this morning.

you're going to lift a fingerprint from a starbucks cup? Tell me, how easy is it to lift fingerprints from paper?

[rollingout.com image 850x638]What paper may look like.


And the water condensation that collects on the exterior from a cold drink is only going to make it easier too.
 
2013-09-25 04:44:22 PM  

YodaBlues: [imgs.xkcd.com image 448x274]


I never understood the "drug him" part of the second panel. Just hit the guy until he tells you what you want.
 
2013-09-25 04:47:35 PM  
physical hacking kind of misses the point - you have to steal the phone first, and that happens all the time anyways, so even if you got past the fingerprint scanner the owner likely would've flagged it as stolen anyways, not exactly much reward at that point
 
2013-09-25 05:40:45 PM  

AdamK: physical hacking kind of misses the point - you have to steal the phone first, and that happens all the time anyways, so even if you got past the fingerprint scanner the owner likely would've flagged it as stolen anyways, not exactly much reward at that point


Having worked for a cell company, I can guarantee you that a phone flagged as stolen keeps a total of 0 people a year from activating that phone on another providers service.
 
2013-09-25 06:05:24 PM  

Dinki: China White Tea: At that point you have an unchangeable password that you're using in multiple places and, in the case of fingerprints, that you functionally leave written down on everything you touch.

I have ten different fingerprints. Which one did I use? Are you going to get an image of each finger? Do you realize how difficult that is? Getting a clean image of more than 2 or 3 fingers off of everyday objects  is difficult enough, much of all ten.


Oh no... ten fingerprints.   That's like.... two soda cans.  Go ahead, pick up a can of soda and see how many of those precious fingerprints you leave.
 
2013-09-25 06:07:23 PM  

ZombieBear: AdamK: physical hacking kind of misses the point - you have to steal the phone first, and that happens all the time anyways, so even if you got past the fingerprint scanner the owner likely would've flagged it as stolen anyways, not exactly much reward at that point

Having worked for a cell company, I can guarantee you that a phone flagged as stolen keeps a total of 0 people a year from activating that phone on another providers service.


dl.dropboxusercontent.com

Alternately, on any iPhone running the current iOS all you have to do is get to a working internet connection and you can remotely wipe and brick the phone so that it cannot be activated without your username and password.
 
Displayed 50 of 60 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report