Cracked Already: Chaos Computer Club Crack’s Apple’s New TouchID

by Kyle in Apple, Featured, iOS
0 Comments 0 Like 14,788

TouchID, Apple, iPhone, iOSGermany’s Chaos Computer Club has reportedly cracked Apple’s newest feature, TouchID. As you probably know, people lucky enough to pick up an iPhone 5S this weekend are able to open their iPhone and charge their iTunes account with a simple thumb print.

Using some pretty comprehensive technology, the fingerprint scanner, built into the iPhone 5s’ home button, scans the users fingerprint. Rather than comparing it to a stored fingerprint locally or on a server,the technology compares the data in the fingerprint to verify the identity of the user. It also requires that the user be alive, breathing and attached to the person it belongs to.

For their customer’s protection, Apple has blocked the TouchID feature from developers. Apple insists that no one actually has a saved version of the fingerprint, but for now the technology is protected from anyone not working at One Infinite Loop.

Well despite being protected from developers, hackers have been able to crack the TouchID feature.

The biometrics team at Germany’s Chaos Computer Club were able to use a hacking technique that dates back to 1994 in order to breach the TouchID security.

The blog nakedsecurity has simplified the procedure for cloning fingerprints and then unlocking an iPhone 5s to these 7 steps:

  • Take a hi-res (2400dpi) photograph of the fingerprint.
  • Digitally invert the image so that the valleys of the print are black.
  • Laser print (1200dpi) the image with a very thick toner setting.
  • Smear white woodglue (or latex) over the printout and allow to set.
  • Carefully peel off the glue or latex sheet.
  • Breathe on the surface so it’s slightly moist and conductive.
  • Unlock phone.

What’s more in this story is that the hackers at Chaos Computer Club didn’t use a picture of the iPhone owners fingerprint to clone, rather they lifted the print off of a glass surface and were able to make a working duplicate.

Now obviously this is a lot of steps to take to just get access into someone else’s iPhone, but it sure beats cutting a finger off  (which won’t work anyway).

EECincyBanner

Apple Leaves Finger Print Scanner, TouchID Untouchable To Developer’s And Startups

by Kyle in Apple, Developer's Corner, Featured, Startups
1 Comment 0 Like 15,005
Apple, iPhone 5S, TouchID, developers, startups, mobile wallet

(photo theverge.com)

Apple’s CEO Tim Cook, alongside executives Jony Ive and Phil Schiller, took to the stage today at their Cupertino headquarters to unveil the new iPhone 5c and the iPhone 5s. If you’re a frequent reader of technology blogs, you’ll notice that most of the leaked specs actually came to fruition.

Normally when we are building up to an Apple product release there are several “features” that may seem a little outlandish. Often times they don’t actually pan out. In fact there were 127 rumors of Apple changing phone sizes over the years. Only one time were they actually correct.

One of those rumors this year was a “finger print scanner” that would somehow be baked into the new iPhone. Many pundits said no-way was Apple going to put a finger print scanner on their phone. Well they have. Which actually makes a whole lot of sense after seeing leaked photos of a new home button.

As you can see from TheVerge’s photo above the home button now dubs as a fingerprint scanner. When talking about it on stage, Apple execs said that it provides a new layer of security for those who feel a 4 digit code is too “cumbersome”. Of course a finger print scanner also provides an extra layer of security for people who typically use easy to guess four digit codes.

The finger print scanner, dubbed “touch ID,” can work with multiple finger prints, and with any kind of human finger print it takes into account arches, loops, and whorls. CSI Las Vegas fans, you know  what I’m talking about.

In this generation of the iPhone, the TouchID is seen strictly as a security layer for the walled garden within your iPhone. Apple did say you will be able to use your finger print to authorize purchases from the iTunes store. They didn’t say whether you would be able to use it to validate in store purchases with the Apple store app, but that is very possible.

What Schiller was very specific about, though, was that the TouchID information would not be available to other software. Period.  It’s never uploaded to Apple’s servers or backed up to iCloud. The Verge’s Dieter Bohn reported in their live blog.

What is possible is that Apple’s Passbook and future apps designed around security and purchasing will most likely benefit from access to the TouchID, but for now startups hoping to disrupt the mobile wallet with a tie-in to Apple’s Touch ID will find it, well, untouchable.

EECincyBanner