Apple Touch ID hack was easier than expected
Posted on 25 September 2013.
It has been confirmed: Starbug of the German Chaos Computer Club has received the crowd-sourced prize for hacking Apple's Touch ID security feature.

As he explained to Ars Technica, the hack was easier than he expected - instead of the week or two he hoped it would take him, it took him 30 hours, and he says that with better preparation it would have taken approximately half an hour.

"You basically can do it at home with inexpensive office equipment like an image scanner, a laser printer, and a kit for etching PCBs. And it will only take you a couple of hours," he shared. "The techniques are actually several years old and are readily available on the Internet."

Nevertheless, he considers Touch ID to be a very reliable fingerprint system, but says that Apple should have touted its convenience, and not claimed it was safe.

Lookout security researcher Marc Rogers has tried to replicate Starbug's hack, and has managed to do it with some changes to make it easier.

"Yes, TouchID has flaws, and yes, it's possible to exploit those flaws and unlock an iPhone. But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial. Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician," he wrote, and shared his own take on the hack.

"TouchID is not a 'strong' security control. It is a 'convenient' security control," he says, pointing out that it will protect your data from a street thief that grabs your phone or in case you lose your phone, but not from a targeted attack.

"A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn't a threat that many of us face," he added.

But while it got the most attention, Touch ID is not the only security feature Apple showcased when releasing the new iPhones and iOS 7 - check out the reactions from the security community to iOS 7 to learn more about them.







Copyright 1998-2014 by Help Net Security.