Apple Touch ID hack was easier than expected
Posted on 25 September 2013.
It has been confirmed: Starbug of the German Chaos Computer Club has received the crowd-sourced prize for hacking Apple's Touch ID security feature.

As he explained to Ars Technica, the hack was easier than he expected - instead of the week or two he hoped would take him to do it, it took him 30 hours, and he says with better preparation it would have taken approximately half an hour.

"You basically can do it at home with inexpensive office equipment like an image scanner, a laser printer, and a kit for etching PCBs. And it will only take you a couple of hours," he shared. "The techniques are actually several years old and are readily available on the Internet."

Nevertheless, he considers Touch ID to be a very reliable fingerprint system, but says that Apple should have touted its convenience, and not claimed it was safe.

Lookout security researcher Marc Rogers has tried to replicate Starbug's hack, and has managed to do it with some changes to make it easier.

"Yes, TouchID has flaws, and yes, itís possible to exploit those flaws and unlock an iPhone. But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial. Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician," he wrote, and shared his own take on the hack.

"TouchID is not a 'strong' security control. It is a 'convenient' security control," he says, pointing out that it will protect your data from a street thief that grabs your phone or in case you lose your phone, but not from a targeted attack.

"A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isnít a threat that many of us face," he added.

But while it got the most attention, Touch ID is not the only security feature to have been showcased by Apple when releasing the new iPhones and iOS7 - check out the reactions from the security community to iOS 7 to learn more about them.







For in-depth information on this new release, read the free guide to iOS 7.





Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //