apples fingerprint scanner hacked 2 days after release

...video at the link. BOSTON (Reuters) - A group of German hackers claimed to have cracked the iPhone fingerprint scanner on Sunday, just two days after Apple Inc launched the technology that it promises will better protect devices from criminals and snoopers seeking access.

If the claim is verified, it will be embarrassing for Apple which is betting on the scanner to set its smartphone apart from new models of Samsung Electronics Co Ltd and others running the Android operating system of Google Inc.

Two prominent iPhone security experts told Reuters that they believed the German group, known as the Chaos Computing Club, or CCC, had succeeded in defeating Apple's Touch ID, though they had not personally replicated the work.

One of them, Charlie Miller, co-author of the iOS Hacker's Handbook, described the work as "a complete break" of Touch ID security. "It certainly opens up a new possibility for attackers."

Apple representatives did not respond to requests for comment.

CCC, one the world's largest and most respected hacking groups, posted a video on its website that appeared to show somebody accessing an iPhone 5S with a fabricated print. The site described how members of its biometrics team had cracked the new fingerprint reader, one of the few major high-tech features added to the latest version of the iPhone.

The group said they targeted Touch ID to knock down reports about its "marvels," which suggested it would be difficult to crack.

"Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," a hacker named Starbug was quoted as saying on the CCC's site.

The group said it defeated Touch ID by photographing the fingerprint of an iPhone's user, then printing it on to a transparent sheet, which it used to create a mold for a "fake finger."

CCC said similar processes have been used to crack "the vast majority" of fingerprint sensors on the market.

"I think it's legit," said Dino Dai Zovi," another co-author of the iOS Hacker's Handbook. "The CCC doesn't fool around or over-hype, especially when they are trying to make a political point."

Touch ID, which was only introduced on the top-of-the-line iPhone 5S, lets users unlock their devices or make purchases on iTunes by simply pressing their finger on the home button. It uses a sapphire crystal sensor embedded in the button.

Data used for verification is encrypted and stored in a secure enclave of the phone's A7 processor chip.

Two security experts who sponsored an impromptu competition offering cash and other prizes to the first hackers who cracked the iPhone said they had reviewed the information posted on the CCC website, but wanted more documentation.

"We are simply awaiting a full video documentation and walk through of the process that they have claimed," said mobile security researcher Nick DePetrillo, who started the contest with another security expert, Robert Graham. "When they deliver that video we will review it."

The two of them each put up $100 toward a prize for the contest winner, then set up a website inviting others to contribute. While the booty now includes more than $13,000 in cash, it was not clear that the CCC would receive the full payout, even if DePetrillo and Graham declared them winners.

A micro venture capital firm known as I/O Capital, which had offered to pay $10,000 of the prize money, issued a press release late on Sunday saying that it would make its own determination about who won the contest.

(Reporting by Jim Finkle; Editing by Edwin Chan and Christopher Cushing) http://www.huffingtonpost.com/2013/09/23/iphone-fingerprint-hacked_n_3973602.html

 

apple, the company that revolutionized the way white people wait in line....

 

...if this is true and the hack can be duplicated then there goes the sales pitch. the gold phone looks nice tho.

 

Sure, if you drive something like this

 

If you're an enwurd.

 

...yeah that's true its kind of loud but so far its the most unique thing im seeing as far as new goes. I haven't turned on my ipad in months, I don't even know if its upgradeable or if I even care. yeah I can see the gold phone is going to have a lot of appeal with street rats. and others im sure.

 

Go to 1:45. Job's best friend will tell you what is coming. Or not...
[video=youtube;4bj239x9aJ4]http://www.youtube.com/watch?v=4bj239x9aJ4[/video]

 

...and to people with a 600 dollar a month lease on a new bmw.

 

So what's the real life danger here? Should I worry that someone is going to lift my print and create a fake finger to access my iPhone? Seems like a lot of trouble to get into my phone. In real life I'm sure it's still 1000 times more secure than some pin code. Besides, what would you have on your phone that is so desirable that someone would go through all that trouble? Answer....nothing.

 

Or vacuum cleaner salesmen with leased Cadillacs...

:

 

I'm just happy that they don't have to cut off my finger to break into my phone. This seems like the lesser of two evils.

 

But if that same print can be used to make purchases etc. What if you were able to steal a phone from ehhh, I dunno... Howard?

 

Can you buy cockold porn at the iTunes Store?

 

...yep but you don't need this guy to tell you that if your eyes are open even a little bit. look at the stock market graph. that's why I say sell that shit now while you still have some bragging rights, its worth about half of what it was. steve jobs was not only a visionary but a great pitchman, when he displayed the product you knew it was HIS baby.

 

...this highlights some concerns over biometric tech. http://www.digitaltrends.com/mobile/apple-touch-id-al-franken-asks-if-fbi-can-get-fingerprints/

 

So, if I am reading this correctly, the hacker needs my iPhone and it also needs to find something with my fingerprint on it...and it has to be the fingerprint of the finger I'm using to unlock my phone?

Hackers aren't what they used to be...

 

...I don't think so. in the video at the link the guy put scotch tape over his fingertip and was able to access the phone. I suppose this would concern someone who has personal info or pics on their phone. those things are a concern for any phone user but this scanner technology was presented as a solution.

 

Franken makes a good point that a code can be changed and doesn't identify the user whereas, a fingerprint is yours until the end and can't be changed.

 

He was first and foremost a salesman. He was never really an inventor. He came up with innovative ideas and knew the people to go to to make them reality.