Skip to main content

View Diary: Hackers Can Easily Bypass Apple’s Fingerprint Security (23 comments)

Comment Preferences

  •  Mythbusters... (3+ / 0-)
    Recommended by:
    JayBat, Lujane, Kevskos

    Note that for the expensive security lock, the foiled it with a Xerox of a thumb print.

    • (14+ / 0-)

      Apple's fingerprint scanning tech is considerably more sophisticated than this.

      In case you didn't actually read the article, here's everything they had to do to get it to work (assuming they did pull it off):

      --First, steal the person's phone.
      --Take a high-resolution 2400 dpi photo of the user's fingerprint from a glass surface, using graphite dust or cyanoacrylate
      --Clean up and invert the photo with PhotoShop
      --Laser print it at 1200 dpi onto a transparent sheet
      --Lay pink latex milk or white wood glue over the printout and allow it to set.
      --After it's cured, peel the fake print off and breath on it to produce a layer of moisture
      --Then apply it to your finger

      --Then you have to hope that the owner hasn't simply used "Find my iPhone" to wipe their phone remotely, call the cops, lead them to your exact location and bust your ass while you're in the middle of the above.

      I suppose you could steal the phone after doing everything else, but that still seems like a hell of a lot of work to go through, and you'd still only have a few minutes in most cases to pull it off before they wiped the phone and busted you.

      Unless you're in the middle of a real-life James Bond/Jason Bourne thriller, I just don't see this as being a plausible scenario.

      Furthermore, code cracking software can already crack a simple 4-digit pin number in seconds (only 9,999 possible combinations...that's a snap for lots of hacking programs).

      I'm not gonna say that there's nothing to see here, but it's certainly not much.

      •  It doesn't have to be impossible to crack (3+ / 0-)
        Recommended by:
        Deep Texan, Bill W, Brainwrap

        It just has to deter most people most of the time.

        I mean, I can watch someone enter their pin number over their shoulder and then steal their phone and access it.

        For example, my friend is an elementary school teacher and this kind of attack poses significant danger to her if she is careless in a room of 25 not-stupid kids if they can get ahold of her phone. However, the "someone might laser print her fingerprint" attack is something she is just not concerned at all with.

        Her security has been greatly increased despite this "added" attack vector.

        (-5.50,-6.67): Left Libertarian
        Leadership doesn't mean taking a straw poll and then just throwing up your hands. -Jyrinx

        by Sparhawk on Mon Sep 23, 2013 at 06:57:57 PM PDT

        [ Parent ]

      •  I'm trying to picture NSA operatives doing that... (1+ / 0-)
        Recommended by:

        with millions of iPhones.

        Well, if they can read a few billion personal emails a day, I guess they can do anything.

        The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness. -- John Kenneth Galbraith

        by richardak on Mon Sep 23, 2013 at 11:38:24 PM PDT

        [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site