Group that hacked Touch ID last year is back with an easier way to fool your fingerprint scanner
Apple's Touch ID not only allows you to unlock your phone using your fingerprint, it also allows you to verify an Apple Pay transaction. Your fingerprints are supposed to belong only to you, making identifications using them "positive." But what would happen if it turns out that a fingerprint scanner isn't such a great security tool?

A group of hackers, the largest such group in Europe, now says that they can take a few photographs of your fingers, and employ commercially available software, to break into a fingerprint recognition system. The claim was made by the Chaos Computer Club at their 31st convention. Using the VeriFinger software, the Club's Jan Krissler copied the thumbprint of German Defense Minister Ursula von der Leyen. Krissler used photos showing a few different angles of the Defense Minister's thumb to help produce the image.

If the Chaos Computer Club sounds familiar, you might recall that last year the group announced that it had developed a way around Touch ID on the Apple iPhone 5s. The process involved the production of a latex sheet that would include an image of the "stolen" fingerprint. The sheet would be used to trick Touch ID into believing that the phone's owner was pressing the handset's home button. The latest technique involves the use of a regular camera and widely available software. The pictures of the German Defense Minister's fingers used for the demonstration were taken during a press conference in October.

This doesn't necessarily mean that fingerprint-based security measures like Touch ID are useless. Nor does this mean that you should be wearing gloves at all times in case someone wants to snap pictures of your fingers. Just keep in mind that fingerprint scanners are just one tool in your arsenal against those who want to steal your personal data. This might be a wake-up call for those who should be looking at multiple methods for securing their phone.


source: VentureBeat via RedmondPie

30 Comments

1. darkkjedii

Posts: 31039; Member since: Feb 05, 2011

That's why not only do I have a passcode, but I also never under any circumstance lay my phone down. It's either in holster, or in my pocket. It's also good that I'm not a target, people see me, and say nope not him, get someone else's.

8. Exempt1 unregistered

Pahaha, puny human, you're THE target.

11. Sir-Lancelot

Posts: 98; Member since: Nov 05, 2014

You're always targeted on here by most users. In real life, you're just a big adult, acting like a child....?

2. dirtydirty00

Posts: 428; Member since: Jan 21, 2011

...there also has to be a reason for them to WANT YOUR information... people see me and say nope not him because they could care less about getting my info.

18. AlikMalix unregistered

I agree with you. But it's "couldn't care less"...

20. darkkjedii

Posts: 31039; Member since: Feb 05, 2011

Nice correction.

22. Sir-Lancelot

Posts: 98; Member since: Nov 05, 2014

When did you become a police grammar? You couldn't read and write a year ago. Now whenever you find a error, you poke and troll other users.

25. g2a5b0e unregistered

"When did you become a police grammar?" Looks to me like you still can't read or write. I highly enjoyed the irony of your post though. Thank you.

28. AlikMalix unregistered

Sir-Lancelot, from now on, I shall call you "a police grammar"... A deserving title.. don't you think?

29. darkkjedii

Posts: 31039; Member since: Feb 05, 2011

From now on, I shall call you "Banned"... A deserving title.. Don't you think?

30. darkkjedii

Posts: 31039; Member since: Feb 05, 2011

Oops 22 my bad

31. Crispin_Gatieza

Posts: 3137; Member since: Jan 23, 2014

Wrong!! dirtydirty00 has it right. The correct usage is "could care less". "Couldn't care less" employs a double-negative. If you're going to be the internet grammar police, have the decency to know what you're doing.

32. g2a5b0e unregistered

It is "couldn't care less". It means that you literally cannot care any less than you currently do. To say you could care less means that there is still less caring to be done. It makes no sense. A simple Internet search will show you that. If you think that is a double negative, you also need to re-read the rules of grammar.

3. syncronyze

Posts: 103; Member since: Apr 26, 2014

This is just ridiculous. If someone wants to hack into your TouchID, it requires them to jump through loops like drawing a perfect replication of your fingerprint or getting the phone owner to make a perfect latex copy of their fingerprint...

4. Benoit

Posts: 57; Member since: Oct 16, 2014

yes, it's much easier to get the password just by looking over somebody's shoulder or by using a standard security camera... Of course it's not perfect, but it's more secure to use your fingerprint

6. NexusPhan

Posts: 632; Member since: Jul 11, 2013

And now apparently snap a photo of your finger while sitting nearby you too.

5. xtroid2k

Posts: 601; Member since: Jan 11, 2010

This article just shows that no matter how high tech the solution is. If someone is determined to get your info they will. We must understand these are tools used to deter your average Joe from trying to gain access. It's important to understand security comes through practice and not technology. As technology advances so do people and so everything and everyone must be accounted for. Paranoid individuals prepare yourself.

7. Furbal unregistered

Physical security trumps all. Keep the device with you.

9. darkkjedii

Posts: 31039; Member since: Feb 05, 2011

Exactly.

12. Sir-Lancelot

Posts: 98; Member since: Nov 05, 2014

Exactly.

13. AlikMalix unregistered

Exactly.

15. Tritinum

Posts: 471; Member since: May 06, 2014

Exactly.

16. syncronyze

Posts: 103; Member since: Apr 26, 2014

The opposite of inexactly.

26. g2a5b0e unregistered

Winner. +1

17. Mfa901

Posts: 291; Member since: Jul 14, 2012

Exactly...

19. Sir-Lancelot

Posts: 98; Member since: Nov 05, 2014

Exactly.

10. AlikMalix unregistered

I wish they actually show a video demonstration and strides necessary to work along with trial and error per fingerprint, per phone to be hacked. I feel just fine using nothing but a fingerprint as security as it is more convenient and the "who the hell cares about my ski-trip photos" and "$250 on my bank account" also plays a role... That said, I have been able to easily see anyone typing in passcodes or pattern unlock just by asking someone about their phone, or if they can check something online... Fingerprint is so much better in the everyday, day-to-day unlocking 100 times a day situations...

14. Crispin_Gatieza

Posts: 3137; Member since: Jan 23, 2014

Funny how security is unimportant when discussing BlackBerrys, but it becomes the number one topic when somebody else's favorite platform gets hacked to ribbons.

* Some comments have been hidden, because they don't meet the discussions rules.
