Apple Touch ID hack was easier than expected
Posted on 25 September 2013.
It has been confirmed: Starbug of the German Chaos Computer Club has received the crowd-sourced prize for hacking Apple's Touch ID security feature.

As he explained to Ars Technica, the hack was easier than he expected - instead of the week or two he hoped would take him to do it, it took him 30 hours, and he says with better preparation it would have taken approximately half an hour.

"You basically can do it at home with inexpensive office equipment like an image scanner, a laser printer, and a kit for etching PCBs. And it will only take you a couple of hours," he shared. "The techniques are actually several years old and are readily available on the Internet."

Nevertheless, he considers Touch ID to be a very reliable fingerprint system, but says that Apple should have touted its convenience, and not claimed it was safe.

Lookout security researcher Marc Rogers has tried to replicate Starbug's hack, and has managed to do it with some changes to make it easier.

"Yes, TouchID has flaws, and yes, itís possible to exploit those flaws and unlock an iPhone. But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial. Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician," he wrote, and shared his own take on the hack.

"TouchID is not a 'strong' security control. It is a 'convenient' security control," he says, pointing out that it will protect your data from a street thief that grabs your phone or in case you lose your phone, but not from a targeted attack.

"A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isnít a threat that many of us face," he added.

But while it got the most attention, Touch ID is not the only security feature to have been showcased by Apple when releasing the new iPhones and iOS7 - check out the reactions from the security community to iOS 7 to learn more about them.







For in-depth information on this new release, read the free guide to iOS 7.





Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //