• Hacker Claims Touch ID Can Be Circumvented with a Few Photos of Your Finger



    The Chaos Computer Club, which is the largest collective group of hackers in Europe, have recently claimed to come up with a way of reproducing fingerprints by using only a handful of photos showing your fingers. Hacker Jan Krissler, also known as “Starbug,” claims to have managed to copy the thumbprint of German Defense Minister Ursula von der Leyen. He will be speaking at the 31st annual Chaos Computer Club convention in Hamburg, Germany to showcase his findings.

    The whole task of circumventing Touch ID was accomplished by using the commercially available software, VeriFinger, which uses a close-up picture of von der Leyen’s thumb, taken from a news conference in October alongside a few other photos showing different angles of the fingerprint. This highlights that security measures such as Touch ID can conceivably be hacked using only a few photos. As a result, Krissler believes that politicians will be forced to ‘wear gloves when talking in public” from now on if they want to continue to remain protected.

    Ironically, this isn’t the first time the security of Touch ID has been called into question by the CCC either. The group has claimed that it is possible to unlock an iPhone using a fingerprint replicated with latex as well in the past. As with that example, the latest way of working your way around Touch ID may be possible under lab conditions but it won’t be a quick and easy, every day type of hack.

    That being said there is no one system that is perfect and you’re at a larger risk from having someone steal your iPhone and making you unlock it yourself than you are with someone taking pictures of your fingerprints and reconstructing your fingerprint from scratch.

    The issue as a whole is still worthy of being aware of. What do you think of the whole ordeal? Share your thoughts and comments below!

    Source: VentureBeat
    This article was originally published in forum thread: Hacker Claims Touch ID Can Be Circumvented with a Few Photos of Your Finger started by Akshay Masand View original post
    Comments 16 Comments
    1. jsuddu0109's Avatar
      jsuddu0109 -
      Quote Originally Posted by Akshay Masand View Post

      That being said there is no one system that is perfect and you’re at a larger risk from having someone steal your iPhone and making you unlock it yourself than you are with someone taking pictures of your fingerprints and reconstructing your fingerprint from scratch.
      Yeah, that pretty much sums it up. I don't think the general public has anything to worry about with this.
    1. thumper_net's Avatar
      thumper_net -
      problem with touch id is you only need some tape and a finger print on the iphone to access the phone , would be better if the touch id also required a pulse , till then its a gimic and dangerous if you have apple pay on your iphone , as to be safe you would need to clean your screen everytime you finish using it and who does that?
    1. novadam's Avatar
      novadam -
      Quote Originally Posted by thumper_net View Post
      problem with touch id is you only need some tape and a finger print on the iphone to access the phone , would be better if the touch id also required a pulse , till then its a gimic and dangerous if you have apple pay on your iphone , as to be safe you would need to clean your screen everytime you finish using it and who does that?
      so what you're saying is: if I leave my phone sitting around, someone MIGHT be able to lift my print and MAYBE use that to get in and use my Apple Pay. That is, before I remotely wipe the phone from my iPad or my computer or my wife's iPhone.

      That's a "gimmick" and is "dangerous."

      But if I leave a physical credit card sitting somewhere, someone can DEFINITELY take it and use it (before I call and cancel the card). And, once I've canceled it, I can't use that card again until the new one is mailed to me -- unlike when I wipe my iPhone and can still use the physical credit card.

      That physical credit card is NOT a gimmick and is NOT "dangerous."

      Well, I disagree. I think Apple Pay, even with the possibility that CSI Miami might be able to use it once or twice before I remotely wipe my phone, is more secure and convenient than a physical credit card.
    1. bigboyz's Avatar
      bigboyz -
      HA! But pictures of finger prints are so easy to come by haha!
    1. rodnutz's Avatar
      rodnutz -
      I honestly don't understand why everyone complains about these types of things when it should be clear to every adult who owns a CC that nothing is safe. Sure I don't want to have any of my information compromised, but we all have to understand that as smart as these innovators are there is always some out there smarter. The problem is when that smarter person is on the bad end of the spectrum. All we can do is use our CCs or innovation like Apple Pay to the best of our ability and pray we don't ever become a victim.

      Although I own an i6 I haven't used Apple Pay yet because I'm just to lazy to set it up. I am looking forward to the experience though once it becomes the norm.
    1. nick79's Avatar
      nick79 -
      Ill remember if I ever become famous to never give a thumbs up while being photographed.
    1. psxcancer's Avatar
      psxcancer -
      Agreed, if someone wants in bad enough, they will find a way. Your house, computer, car, locker and so on. I think it's safe to say the average user is okay. After all I believe Apple is offering reasonable security for your device.
    1. suicidesam's Avatar
      suicidesam -
      hell if they go through all that trouble to get an image of my finger print and manage to take my iPhone without me noticing...then guess what go ahead and buy yourself a latte.

      you have to much time on your hands to go though all that bs

      just my $0.02 😉
    1. LeslieBee's Avatar
      LeslieBee -
      I think this is a good reason to have an Apple Watch. If they get separated from one another, or the watch gets removed from the wrist, both should go into a higher security mode requiring a password and maybe more.
    1. fleurya's Avatar
      fleurya -
      Apple Pay actually saved me from CC drake on Christmas. After setting up my card I started getting notifications of every transaction I made. Which was mildly annoying. Then came Christmas morning when suddenly I got a notification of two purchases on MetroPCS made using my card. Obviously I didn't make them while opening presents with my family, so I immediately called and canceled the card. Had I not received the notification I would hypnotic have known if my card number theft for days.

      In this case my less secure physical credit card usage lead to the theft. Had the place I used it had Apple Pay, they wouldn't have been able to get my card number.
    1. fleurya's Avatar
      fleurya -
      Apple Pay actually saved me from CC drake on Christmas. After setting up my card I started getting notifications of every transaction I made. Which was mildly annoying. Then came Christmas morning when suddenly I got a notification of two purchases on MetroPCS made using my card. Obviously I didn't make them while opening presents with my family, so I immediately called and canceled the card. Had I not received the notification I would hypnotic have known if my card number theft for days.

      In this case my less secure physical credit card usage lead to the theft. Had the place I used it had Apple Pay, they wouldn't have been able to get my card number.
    1. LeslieBee's Avatar
      LeslieBee -
      Quote Originally Posted by rodnutz View Post
      I honestly don't understand why everyone complains about these types of things when it should be clear to every adult who owns a CC that nothing is safe. Sure I don't want to have any of my information compromised, but we all have to understand that as smart as these innovators are there is always some out there smarter. The problem is when that smarter person is on the bad end of the spectrum. All we can do is use our CCs or innovation like Apple Pay to the best of our ability and pray we don't ever become a victim.
      All very true. It's incredibly easy for someone with a cell phone to take a photo of someone else's credit card, front and back, while it's being used. Or for a pick-pocket to simply lift your wallet. It's much safer for the information to be hidden and encrypted, as with Apple Pay.
    1. thumper_net's Avatar
      thumper_net -
      some funny comments here , with only iphone 6 and 6 plus having apple pay its not worth the hassle outside of the usa , as android is the big player here , the iphone 4 is the biggest seller in 2014
    1. tv_21's Avatar
      tv_21 -
      Quote Originally Posted by thumper_net View Post
      problem with touch id is you only need some tape and a finger print on the iphone to access the phone , would be better if the touch id also required a pulse , till then its a gimic and dangerous if you have apple pay on your iphone , as to be safe you would need to clean your screen everytime you finish using it and who does that?
      Are you for real !
      To clone a bank card, folks went to lengths to design cameras and front end covers to cash machines. The outcome was they could steal thousands from your bank account. So to "steal" your finger print and phone go to these extreme lengths just to get $10 , you think "wow the RoI here is brilliant". Who could be bothered - no one, the investment required and effort they'd be better off working at McDonalds for an afternoon, or standing by the cash machine saying "buddy can you spare some change for a coffee"
    1. thumper_net's Avatar
      thumper_net -
      bank passes where i live now contain nfc chips and you can pay upto €25 for each transaction , so a thieves first choice before an iphone , knowone knows how safe apple pay will be as it does not work on older iphones , and by the time it could become a problem it will be dead and gone as every payment will come from smartwatches , which are crap , buggy gimics and that includes every android ware and apples watch , , the only smart thing androids version can do and thats work with any phone , where as apple require the 6 and 6+ to use it so $ 1000 to get one and $2000 if you treat the wife so a joke in that way as knowone without a screw loose would buy a watch and matching iphones to get the dam things to work , going by the speed of tech 2016 will be the year of the smartwatch and apple pay like siri will become a party trick for the kids
    1. LeslieBee's Avatar
      LeslieBee -
      Quote Originally Posted by thumper_net View Post
      bank passes where i live now contain nfc chips and you can pay upto €25 for each transaction , so a thieves first choice before an iphone , knowone knows how safe apple pay will be as it does not work on older iphones , and by the time it could become a problem it will be dead and gone as every payment will come from smartwatches , which are crap , buggy gimics and that includes every android ware and apples watch , , the only smart thing androids version can do and thats work with any phone , where as apple require the 6 and 6+ to use it so $ 1000 to get one and $2000 if you treat the wife so a joke in that way as knowone without a screw loose would buy a watch and matching iphones to get the dam things to work , going by the speed of tech 2016 will be the year of the smartwatch and apple pay like siri will become a party trick for the kids
      Crawl back under your bridge, troll. Shoooo!
  • Connect With Us

  • Twitter Box

  • Facebook