Why I Hacked Apple’s TouchID and Still Think it is Awesome (lookout.com)
107 points by signa11 on Sept 24, 2013 | hide | past | favorite | 59 comments


> If you use your thumb to unlock it, the way Apple designed it, then you are looking for the finger which is least likely to leave a decent print on the iPhone.

This is my main takeaway. I suspect the vast majority of iPhone users either do not secure their phone at all, or use a 4-digit PIN, and therefore are not protected against targeted attacks anyway. Touch ID can improve security for these users.

My main reason for protecting my phone is to prevent a scenario where it gets stolen, and the thief can access my data with reasonable effort. My secondary reason is to protect against snoopy acquaintances. A 4-digit PIN marginally achieves these goals: a typical thief is locked out, but a more sophisticated one can easily brute-force my code using commercially available tools.

What if I use Touch ID instead? It is very likely that a thief will not know who I am, and therefore will not be able to go around lifting my fingerprints. They might, however, try to lift prints off my phone. The way to protect against this is to only unlock the phone using my thumbs, because (per TFA) there are typically no good thumb prints on the phone itself. If I do this, then I will in fact be more protected than I would be using a 4-digit PIN.

A couple of caveats. After 5 rejected attempts the iPhone will fall back to asking for a PIN. It is therefore advisable to set a strong (longer than 4 digits) PIN here. Second, this of course may change if the 'secure enclave' that stores the fingerprint hashes gets hacked.

TL;DR: If you only use your thumbs to unlock your iPhone, Touch ID currently provides better security against typical threats than a 4-digit PIN.


It is also extremely easy for your acquaintances (or even patient thieves) to learn your PIN, unless you unlock in a weird, secretive way that is sure to cause teasing or funny looks.

In this way Touch ID is a far far superior defense against snoopy acquaintances unless you happen to be unconscious around them.


It's really a SO lock out. Now your girlfriend/boyfriend is going to have a harder time snooping on your phone. :D


You can also disable the simple pin (4-digit) and switch to a real passphrase as the alternative authentication mechanism. So if the touch ID fails for whatever reason, you need to enter that complex passphrase (which should be a rare occurrence). I think that's more secure than a 4 digit pin also, which a friend or attacker could witness you entering from a distance.


Please know that the 4-digit pin is easily removed by someone with non-specialist tools that are widely available. Touch ID is too new to assess whether this is also the case for the new iPhone, but it's quite possible that there is a sufficiently clear fingerprint on the screen of your device already for reuse.

UPDATE For more detail about how this is done, have a look at the current releases of jailbreaking tools. The general method is to perform a temporary jailbreak which allows the ability to SSH into the device and dump all the data.


The 4 digit PIN is not at all easily removed. This meme needs to die.


This isn't true for devices with the A5, A6 or A5 processor. The iPad 2, 3, 4, mini, 4S, 5, 5C and 5S are safe.


Could you explain why? Or at least provide some pointers?


In order to start bruteforcing the PIN using the current method, you need to get code running on the device before iOS has finished booting, which means a custom ramdisk.

Only pre-A5 CPUs are vulnerable to the boot-ROM exploit which allows a custom ramdisk to be uploaded.

The exploit is called "limera1n" or the "A4 boot-ROM exploit" if you're interested in learning more.


This is all correct. While there have been A5/A6 jailbreaks, none have been at a low enough level (not a bootloader exploit) to provide the facility to load a ramdisk so none of the above tool methods are compatible.


> Please know that the 4-digit pin is easily removed by someone with non-specialist tools that are widely available.

Got a credible source for this?


I've used msftguy's SSH ramdisk tool plus the iphone-dataprotection tools on Google Code. Takes about 20 minutes maximum to bruteforce the 4 digit PIN.

What the poster doesn't mention that this only works on devices with iBoot bootloader exploits, which is currently the A4/iPhone 4 and lower. The 4S, 5, 5S, 5C etc are all safe from this.


Additionally, it's rather easy to switch your lock password to be regular text.

Good luck guessing the length and the passphrase I use to lock my phone now when the keyboard comes up.


True, but you can still access files on the device even with a complex passcode using the SSH ramdisk tool.


Doesn't that require the phone to have been jailbroken?


I'll be honest, I never saw finger print scanning as the next security measure, it was always about convenience to me. It's the same with PIN numbers, all someone has to do is stand next to you to see your PIN number and they are good to go.

True security comes from multiple layers of security, where the question changes randomly but you still know what the end result will be, much like a bank does when signing in.

When things become easier, it only remains easy to get in to it. The reason it isn't so easy right now is because it hasn't had to be so widely available. When TouchID becomes more popular, you will read more stories on how people have found easier ways of cracking it.

It's all about convenience. If you want security then it's TouchID from 5 fingers + 8 digit pin + your first dog's girlfriend's name.


And the dog's not talking.


Putting all the TouchID sucks / TouchID is great questions aside, can somebody help me understand how Apple (supposedly) is calculating a hash of a fingerprint and storing that hash in the phone, not the real fingerprint?

If I understand correctly, the purpose of a hashing function is to create totally different output even on a very minor change in the input data, which wouldn't work that great with fingerprints... or are they just using a clever hashing function which tries to somehow normalise the data before hashing them?


There is a lot of detail in Authentec's 'Spot-based finger biometric processing method' patent application here if you're interested: http://www.patentgenius.com/patent/7787667.html

In short, they store a number of unique sub-regions of each 'enrollment' (a reading resulting in pixel data). These sub-regions – called 'spots' – can then be hashed and matched against future enrollments to provide a correlation score.
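An added illustration of the spot idea described in this comment (my own toy code, not the patent's or Apple's implementation): each sub-region is hashed separately, so a small smudge in a re-read only invalidates the spots it touches, whereas a hash of the whole image fails on a single changed pixel. The 16x16 grid, the 4x4 spot size, the random "prints" and the match threshold are all constructed assumptions.

```python
import hashlib
import random

SPOT = 4  # spot (sub-region) edge length in pixels; an assumption for this illustration


def make_print(seed, size=16):
    """Constructed stand-in for a binarised ridge image: a size x size grid of 0/1."""
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(size)] for _ in range(size)]


def spot_hashes(image):
    """Enrolment: hash every SPOT x SPOT sub-region. Only these digests are kept,
    never the pixel data itself."""
    n = len(image)
    digests = {}
    for r in range(0, n, SPOT):
        for c in range(0, n, SPOT):
            block = bytes(px for row in image[r:r + SPOT] for px in row[c:c + SPOT])
            digests[(r, c)] = hashlib.sha256(block).hexdigest()
    return digests


def correlation(enrolled, reading):
    """Correlation score: fraction of stored spots whose digest matches the same
    spot position in a fresh reading."""
    fresh = spot_hashes(reading)
    hits = sum(1 for key, digest in enrolled.items() if fresh.get(key) == digest)
    return hits / len(enrolled)


def perturb(image, flips, seed=1):
    """Constructed 'smudged' re-read: flip a few random pixels of the original."""
    rng = random.Random(seed)
    out = [row[:] for row in image]
    n = len(out)
    for _ in range(flips):
        r, c = rng.randrange(n), rng.randrange(n)
        out[r][c] ^= 1
    return out


def whole_hash(image):
    """Naive alternative: one digest over the entire image."""
    return hashlib.sha256(bytes(px for row in image for px in row)).hexdigest()


def demo(threshold=0.6):
    """Compare whole-image hashing with spot hashing on a clean enrolment,
    a slightly smudged re-read of the same print, and an unrelated print."""
    original = make_print(seed=42)
    enrolled = spot_hashes(original)
    smudged = perturb(original, flips=3)   # at most 3 of 16 spots are disturbed
    other = make_print(seed=7)
    return {
        "whole_hash_same": whole_hash(original) == whole_hash(smudged),
        "same_finger": correlation(enrolled, smudged) >= threshold,
        "other_finger": correlation(enrolled, other) >= threshold,
    }
```

With three flipped pixels at most three of the sixteen spots change, so the score stays at 13/16 or better, while the whole-image digest no longer matches at all.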


My guess is that they break the fingerprint into very small subsections and use those hashes to compare against. If they get matches in enough consecutive areas, then the phone unlocks.


> can somebody help me understand how Apple (supposedly) is calculating a hash of a fingerprint

this might provide some information: 'Symmetric hash functions for secure fingerprint biometric systems' (http://www.researchgate.net/publication/222570842_Symmetric_...). also this: https://www.schneier.com/blog/archives/2013/09/iphone_finger... (for some general overview)


Some hash functions are designed to produce very different outputs for very minor changes in input. (This is known as "cascade".) Others are designed to produce the same output for similar inputs.


I think the fingerprint reader extracts consistent data from the image of the fingerprint no matter how distorted it is, by say, looking at the relative position and translating the pattern of whorls into numbers, then that number is hashed.


> Next you have to “lift” the print. This is the realm of CSI. You need to develop the print using one of several techniques involving the fumes from cyanoacrylate...

Hmm, other people seem to have demonstrated an 'attack' that uses ordinary photography to capture the print, and a much simpler process to reproduce it than the one described in OP too.

Here's an article about that: http://www.forbes.com/sites/andygreenberg/2013/09/22/german-... (An article about those Germans was posted on HN a few days ago is how I know about it, not sure if it was this same article)

OP may be right that TouchID is an appropriate level of security for many users/usecases. All security is tradeoffs, none is unattackable.

But OP seems to be over-estimating the amount of work it takes to reproduce the fingerprint, according to the Germans.

Additionally, if phones locked only with TouchID become common, I would expect criminal networks to develop and share standardized processes and devices to do it, lowering the barrier further.


The author did mention the laser printer technique, but decided to go for etching instead. Maybe because they didn't have a laser printer. The greatest difference to me was lifting the print with special tape, guarding against distortions but risking smudging.

It was clearly a bunch of work, but measured in hours.


You have to get the fingerprint to be visible before you can photograph it. Cyanoacrylate is good for that.


The first rule they teach at "Hacking" class is "Nothing is 100% secure, and never will be". So this should not be any surprise that iPhone touch id gets hacked. So instead of thinking how to "100% secure" a product, we should focus that how to make it x% more secure than before. And that's what awesome engineers at apple did. So we should be happy that instead of copying someone's else devices, there are some engineers that are really into improving what is already there.


I think most people who are upset about this at the very least realize that a 4-digit PIN is not much, if any, better. People are probably annoyed by Apple's marketing mumbo jumbo about scanning sub-epidermal skin layers, etc., while (as shown) it is not that much better than existing fingerprint scanners.


Well, the guys who hacked it said you did need a higher resolution picture/duplicate of the print, which may not be that big of a deal, but it is an improvement.


I still think that they didn't "Hack" the TouchID as they claim. Faking a finger print is one thing, but truly hacking it is completely another.

Imagine a scenario in which you find an iPhone (or "borrow" it) - how do you unlock it without knowing the owner and having access to their fingerprints? You don't, not with this "hack".

A cool demonstration of the fingerprint lifting technique though.


Glass is a good surface for lifting fingerprints from, and the phone itself is likely to have multiple fingerprints of the user on it, but even if not it's not too hard to get fingerprints from someone without their knowledge.


I believe the article mentions that the iPhone is a relatively poor surface to obtain fingerprints from because there's an extremely high chance they would already be smudged.


Thanks, just gone to read it. I think they do show up sometimes though - look at this video when they turn the screen off:

http://www.youtube.com/watch?v=HM8b8d8kSNQ

Several very clear fingerprints are visible on the glass.


The question of whether fingerprints obtained this way are good enough to fool TouchId is still unanswered.

If it were this easy, why do the hacks use carefully made fingerprints from clean polished glass?

What matters is not whether one pristine fingerprint can fool TouchID (note that we don't know how many failed attempts were made), but what percentage of fingerprints found in the wild can fool it.


Which is exactly why I don't think any of these "hackers" deserves the bounty people set out for this.

It explicitly states "prints lifted like from a beer mug" and so far, all I have seen were prints lifted in a laboratory setting. Nothing real world about it.


Hope Apple doesn't try to own "fingerprint sensors in phones". Pretty sure the tech is up for grabs?

I like my Galaxy S4, but I wouldn't mind easier phone unlocking. Even better than fingerprinting, I wish I could draw an unlock pattern in the shape of whatever I wanted, a higher resolution pattern with visible brushstroke. Subtle unlock patterns would then be possible. You'd need a good algorithm to allow some difference in the reproduced pattern, while remaining high resolution enough to provide thousands more combinations than 4 digit pins.

Paint to unlock - that's what I need, if anyone wants to make that as an app for Android, I'd buy it for a dollar!


Hasn't Android had pattern unlock forever?

http://www.topdollarmobile.us/blog/android_unlock_pattern


Apple acquired Authentec for it, so it's going to be difficult for competitors to replicate it. I'm sure there are other vendors that provide fingerprint sensors, but their implementations of it and how the tech works probably isn't going to be the same.


"If you use your thumb to unlock it, the way Apple designed it, then you are looking for the finger which is least likely to leave a decent print on the iPhone."

If the issue is smudgy prints, I wonder if some image processing could improve results.


Why do I need a password on my phone? 1. If it gets stolen or lost I can be assured my data is safe 2. From law enforcement (if I get pulled over for speeding or arrested for "disorderly conduct" there is no reason they need access to my work emails, photos, etc) 3. From snooping/mischievous kids, wives, friends, girlfriends etc.

The fingerprint scanner only protects from #1, and is worse for 2 & 3 (the police just put my finger on the phone, and my girlfriend just waits until I'm asleep to put my phone on my finger...). My overall security has gone down considerably for a modest gain in convenience.


I feel like the probability of the 'average' user having his/her phone stolen is much greater than that of being compelled to unlock his/her phone by police or a significant other.

While I would prefer two-factor authentication with TouchID, I still feel like this implementation protects the user from the lowest common denominator (i.e. petty theft).


I use my thumb with my iPhone all the time. In fact, the main thing that kept me from switching to an Android phone last summer was the discomfort I experienced trying to reach the edges of the screen on the devices I tried out.


The webfont for that site looks awful in Firefox 24, all the 'r' and 'g' letters are cut in half: http://www.pasteall.org/pic/show.php?id=59766

If I zoom in or out it looks normal, so probably something wrong with hinting in the font (or a bug in Firefox?). FWIW it looks normal in Chromium.


Here's what I see in Aurora (26) on Mac, no zooming or anything:

http://i.imgur.com/wlfEBHC.png

So even if there is a bug, it's apparently been fixed :)


Tried Firefox 25 beta and 26 aurora from the site on Linux, with the same bad rendering. Perhaps it renders things differently on the Mac, or uses different versions of libraries there.

I have used 'Help->Submit feedback' to report it, is this the preferred way to report website issues, or are bugzilla entries better? https://input.mozilla.org/en-US/dashboard/response/3983188


It looks fine in Firefox 24.0 on a Mac.

I notice also that the back of the 'b' is broken and the dot is missing from the 'i' in your screenshot.


It looks terrible (like your picture) to me. I'm on Gentoo Linux using Firefox 22.0.


With Iceweasel 23.0 it looks terrible too. It requires a lot of effort to read.


Fingerprint readers were always a joke and unreliable. Like on old IBM Thinkpads. Nobody used them, people "hacked"/fooled them easily. I was surprised that Apple brought them back, probably just for convenience reasons.


I'd say this is probably the first time it's done right on a popular computing device (to my knowledge). Previous fingerprint scanners always required the finger swipe gesture, which was frustratingly difficult to get right.

Just like the pattern lock (or face unlock and its variations) on Android phones, the idea is to encourage users to have at least some protection.

As an Android phone user, I hope to see this being adopted by the Android manufacturers (and I hope the Apple camp would shut up about people copying their idea).


I think it is kind of shocking how much brand dominance apple has.

Loads of companies used fingerprint readers and it was a conversation for a few days at most. This has had an article on HN every day for at least a week.


This was exactly the rap Apple got when they released a touchscreen phone. Then, when it was released, people grudgingly attributed its superior responsiveness to the fact that it used a capacitive touch screen. 4 years later, their major competitor is still introducing improvements (Project Butter) to get their OS/devices in the ballpark of the responsiveness of years-old devices. And their touchscreen latency is still markedly superior as shown in benchmarks.

I use fewer and fewer of their products, but to me it's shocking how much of Apple's success is still attributed to brand and marketing - I don't know how you could argue that anyone else is the gold standard for hardware/software integration in consumer devices. If anything, their marketing glosses over the exacting level of fit and finish that obviously go into these things.


The main difference seems to be that TouchID actually works in a way that is worth leaving enabled.


Am I the only one thinking that touchscreens are fingerprint magnets? I mean, you lose your phone, I wonder what the likelihood is that the print needed to unlock is right there on the phone itself.


A clear and precise fingerprint? The chances aren't good, I'd imagine. Indeed, you'd be far more likely to figure out their passcode or "swipe pattern code."


From the article:

> If you use your thumb to unlock it, the way Apple designed it, then you are looking for the finger which is least likely to leave a decent print on the iPhone.


The word "hacked" is missed used a lot here.


The word misused wasn't even used in your comment.


Why I [insert action and feels]



