Chaos Computer Club breaks Apple TouchID

980 points by biafra over 11 years ago

73 comments

abalone over 11 years ago
Just to keep things in perspective, the goal of Touch ID is not to be unhackable. The goal is to get more consumers to move from *zero* security to pretty good security.

A very large number of people don't put any kind of passcode of any kind on their phone, simply because it's inconvenient. Touch ID is designed for them. It's not designed to secure nuclear footballs.

Touch ID is going to *massively* reduce the number of totally unsecured iPhones that require zero effort to access. That's the goal.

I think some people see "fingerprint scanner" and think "military-grade security" because that's where we've seen scanners before in movies and such. But this is really very much a solution for the consumer market, where *convenience* and *usability* are critical features of a security system. Sometimes infosec folks forget that. If you make it too hard to use (passcodes), people just bypass it. So you can blame the user, or you can try to design something easier to use. If in the end you've improved the overall security landscape, you've succeeded. I think that's what Apple is doing here.

MarcScott over 11 years ago
If we've learned anything over the past few months, it is that security is an illusion when it comes to Google, Apple and Facebook.

The fingerprint scanner is not intended to protect your personal data from being accessed by nefarious cyber-spooks or crackers. The $5 dollar wrench technique is fairly effective in bypassing such security anyway.

The fingerprint scanner is there so that when your phone is nicked by a mugger, they can't reset to factory defaults and sell it on eBay. If some knife wielding thug that robs me of my phone has the intellectual capability of lifting my fingerprints off the case and then using them to bypass the security, he still has to know my AppleID password before he can remove the 'Find my Phone' feature.

Give Apple a break. This is just another layer of security. It's _not_ the panacea to all our security woes, and they have never claimed it was.

WestCoastJustin over 11 years ago
The *"How to fake fingerprints"* link [1], is one of the scariest things I have seen, given how simple it is, and how much we rely on fingerprints for linking people to crimes.

BTW, for anyone who does not know about Chaos Computer Club (CCC) [2], they run a massive conference in EU. You can look at some of their talks @ http://media.ccc.de/

[1] http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en

[2] http://en.wikipedia.org/wiki/Chaos_Computer_Club

neilk over 11 years ago
I think they're missing the point. The passcode on an iPhone defends against other people in your environment - family members, coworkers, roommates - getting your information opportunistically. It doesn't defend against hackers, the government, or even slightly savvy thieves.

Also, if a fingerprint sensor is significantly easier to use, and in practice will deter a class of privacy violations, it could increase overall security. This is a question you can only answer by looking at how people behave, not solely with an analysis of the technology.

The fingerprint sensor worries me more that it records biometric information at all. It's one thing to leave fingerprints all around your environment, but there is now the potential to steal your biometrics over the internet. The device supposedly hashes the data derived from your fingerprint, presumably with a hardware-based secret, but I worry someone will find a way around that. (EDIT: maybe this is physically impossible; can someone provide details?)

Also, the issues that CCC discusses about how fingerprint unlocking can be coerced are important. Many law enforcement organizations now have devices that can scan smartphone data, which is bad enough, but at least the use of those devices is controlled. A fingerprint sensor now allows a cop to handcuff someone, jam his or her finger onto the phone, and then to (for instance) delete an incriminating video.

Likewise anyone else willing to use force. Might become the next schoolyard amusement for bullies, if your kid has a smartphone.

arrrg over 11 years ago
Expected. Still much, much better security than no code at all. I will use it (with full knowledge of its downsides and tradeoffs) and it would behoove the CCC to not portray security as a binary state. (Just as much as it would behoove Apple to be truthful in their marketing.)

Don't use it if thieves would consider going through all the effort of faking out the scanner. That's what I take from this no doubt valuable and important work from the CCC.

(I assume that iPhone tracking and activation lock cannot be disabled with the fingerprint, so stolen phones will still be easily remotely wiped and bricked, with fingerprint or without. Thieves will have to be crafty and quick if they want to pull this off.)

gjmulhol over 11 years ago
I have accidentally seen basically all of my friends' passcodes as they type it in at bars etc. I could get into their phones easily. TouchID is more secure than that simply because someone needs to take a 2400dpi image of the person's finger to do it.

Locks (when physical access to a device is available) are to keep honest people honest. Most security experts that I know agree that if an intruder has physical access to a device, it can be considered compromised because it is just a matter of time.

sehrope over 11 years ago
Considering that people generally don't wear gloves when they use their phones this is like having a picture of your key on your door. Combine that with what we know you can do with pictures of keys[1] and yes it's obviously not a very good idea.

[1]: https://news.ycombinator.com/item?id=6167246

hrktb over 11 years ago
In the comments there is so much focus on the convenient aspect of TouchID. I agree, but the main point I think is that we have a situation where:

- fingerprint authentication will be seen as more casual and mainstream than it was before [1]
- people will still leave fingerprints everywhere, including around and on the fingerprint sensors
- once a high resolution image of a fingerprint is done, it can be re-used for literally a lifetime (imagine keeping track of someone for years and use his/her fingerprints anytime it's needed)
- if enough applications rely on fingerprint authentication, exchanging fingerprint databases might become lucrative enough

From this point of view, seeing TouchID as just a cute way of adding some security to a phone is too candid I think. It will have an immediate positive effect for casual phone locking, but would bring much worse effects down the line.

Optimistically no one would rely on fingerprints alone to authenticate users for anything important. But the definition of what's important is blurry, and there are so many situations now where weak passwords are used, but it would be so tempting to switch to fingerprints (door unlock for instance...).

[1] laptops had finger unlock features for years now, but it never really made it to the wild masses I think. Fujitsu phones had a fingerprint reader too, but again, I don't remember other makers picking up the feature.

kirillzubovsky over 11 years ago
This is a really silly statement - "This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided."

Sure, maybe you can bypass this mechanism, but as an everyday password, this is still a substantially easier tool than typing in a 4-digit password.

In fact, at least you cannot easily spoof my fingerprint at a public location, while you could certainly easily figure out my password by just standing over me when I type it. I wonder how many mall cameras, street cameras and all sorts of public surveillance cameras have all our passwords?

professorTuring over 11 years ago
Of course they have broken it, I had no doubt it would be broken like any other fingerprint security system.

The issue here is that it's ok, it doesn't really matter. It is all about the amount of security you need. Does a normal user need unbreakable security? No. The security provided with this method is more than ok, it is kinda secure and it's faster (imho) than writing your passcode. After all your "enemies" here are nosy friends or similar...

If you need "unbreakable" security then you shouldn't use iPhone or Android, or you should use a specific secure storage application (cyphered content, hard to guess pass or whatever). If you need "unbreakable" security you better consider hiring a security consultant.

So, the question here is, are the security systems in mobile devices more than fine for most normal users? I guess so...

pcl over 11 years ago
Here's an idea that would improve security in conjunction with the new sensor:

Create a random pattern of ridges and, using the technique outlined in the OP, build a latex key. Attach that to your keychain (in some sort of case to improve durability, maybe). Then, enjoy 2-factor auth, between the phone's pass code and the synthetic fingerprint.

chmars over 11 years ago
What is the resolution of the fingerprint image stored in a biometric passport, i.e., the kind of passport you need to enter the US?

Biometric passports store an actual fingerprint image and not just a hash like the iPhone 5S. So if the resolution was high enough, everyone with access to a biometric passport – for example by scanning people carrying such passports around at an airport – could forge fingerprints …

sarreph over 11 years ago
An interesting comment on the YouTube video: Not cleaning your iPhone is likely to leave fingerprint evidence/marks directly on the device's housing that could be faked.

joejohnson over 11 years ago
"[I]t is far too easy to make fake fingers out of lifted prints"

Really? It seemed like this was a lot harder than just shoulder-surfing someone entering their passcode. Touch ID may be hackable, but this is still way harder for the average person to hack than a simple passcode.

AND it's way easier to swipe your finger than type in a code! Touch ID can't be worse for security; it appears it's at least a bit better.

reillyse over 11 years ago
Talk about missing the point.

I dislike entering a passcode every time I pick up my phone. Yet if someone steals my phone or I leave it somewhere I don't want someone to be able to access my photographs or my data.

Fingerprint sensor sounds like a pretty good solution to me.

Do I want Fort Knox security on my phone? No.

Could someone still access all my data even if it was secured with a passcode, certainly they could with physical access to the device and a couple of debugging tools they could lay it wide open.

So put simply, fingerprint is more convenient than having to type in a passcode. +1 for Apple

Good to know how easy it is to break though so no one gets carried away and starts using it for things worth breaking into.

mephi5t0 over 11 years ago
They tried to make fingerprint readers more sophisticated and added temperature registers to avoid fakes (or, in a more gruesome case, a cut-off finger), but hackers managed to make so-called rubber fingers or peel a dead finger and fill it with warm salty water. Anything can be hacked.

But I think they are missing the point. If Apple wanted its phones to be a secure gimmick at the Pentagon - that was silly. But for the average user - nobody is going to steal your prints. It's just usability. For the average Joe it is so much easier to tap with a finger than type a PIN all the time. But if you get specifically targeted nothing will save you.

Cushman over 11 years ago
Actually, this raises an interesting thought. Couldn't a security-conscious user take advantage of this to turn "something you are" into "something you have"? Since you can train the sensor with anything, is there a market for semi-permanent, cryptographically-random... Thumb rings, or something?

Marazan over 11 years ago
Wasn't Gruber getting awfully excited about how amazing and revolutionary Apple's finger print sensor was?

Will he be claim chowdering?

DigitalSea over 11 years ago
I don't think the goal of Touch ID is better security nor is it an attempt by Apple to prevent the loss of iPhones from theft. The goal of Touch ID at the end of the day is to make it easier for people to make purchases, entering passwords to make an iTunes/App store purchase is a hindrance to Apple's bottom line. Currently because of the steps involved, people have the ability to rethink their purchases during the time it takes to enter and confirm they want to make a purchase. Touch ID takes away a few seconds of time to make a purchase, touch your finger on the reader and BAM! instant purchase.

The steps in which the Chaos Computer Club took to break into an iPhone, no criminal would even think of undertaking. In the criminal world the longer it takes to steal something, the higher the chance you'll be caught. It's no different to an engine immobiliser that prevents a car from being stolen. If a criminal were to take their time, they could pop the bonnet and start the car, but most criminals will just take your stereo and car contents and leave the car if they can't get it started within a couple of minutes...

Although, having said that. Apple's marketing speak does make Touch ID sound much more secure than it actually is. This might come back to bite them in the behind one day if the wrong person has their iPhone and data stolen and decides to act upon Apple's somewhat deceivingly clever marketing speak in a court room with dollars to spare.

And besides making it easier for people to spend money without having time to think, a fingerprint scanner to the not-so-technology inclined sounds futuristic and cutting-edge, which in turn will sell millions upon millions of iPhone units. While many who frequent HN can see past the marketing spin and realise a fingerprint scanner isn't all that exciting or new, the lowest common denominator who buys an iPhone sees things differently.

dmishe over 11 years ago
I thought, based on anandtech review, that this scanner is not optical but electrical, hence "sub epidermal scanning", so why does a printed finger work?

blinkingled over 11 years ago
To be fair Apple hasn't said anything about liveness checks or any other safeguards against faked/duplicated fingerprints. All they talked about was how the fingerprint storage itself is secure, hardware level and local. The hack that gets the fingerprints off of the chip by exploiting some implementation related vulnerability would be a big deal.

TouchID is just another fingerprint reader - albeit one that's easier to use.

coldcode over 11 years ago
Apparently a lot of people are much smarter than the people who built the technology. Kinda like everyone is better at cryptography than actual cryptographers. Nothing anyone says here is going to surprise the folks who designed it.

drakaal over 11 years ago
Kind of a "well duh" post. All of the image scan finger print readers are easy to game.

Even the ones that use capacitance can be beaten with a rubber glove and a copy of the finger print, printed on the latex. (the best is actually a vinyl condom that doesn't come pre-lubed, the ink sticks better and the vinyl is less of an insulator)

speeder over 11 years ago
Great quote from the CCC team:

"Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

It explains why Brazil is trying to put biometric scanners on the electronic voting machines.

joshstrange over 11 years ago
First off I want to say I agree with most of the people here that Touch ID was not meant to be unbreakable but rather an easy to use system that vastly improved users' security over 4 digit PINs or no PIN.

That said, hypothetically, let's say I get arrested and the police take my phone. My phone has my fingerprints all over it. What is to stop them, legally, from using my prints on the phone to unlock my device?

I say this not to spark an argument but as a real question, I bought an iPhone 5S and I really am interested to know if any law would protect my phone if it was taken in such a situation?

induscreep over 11 years ago
This isn't new, some other guy broke TouchId by making a fake finger from gelatin and soy sauce.

http://blog.fortinet.com/iPhone-5s--Basic-Fingerprint-Replication-Methods-Stymied-by-TouchID-Sensor/

nodesocket over 11 years ago
Honestly, TouchID is better than what we have today; a 4 digit useless passcode. If somebody has to take a photo of my fingerprint off a glass surface to gain access to my phone, so be it.

JofArnold over 11 years ago
Presumably solvable by using a digit that isn't normally in contact with your phone - eg the pinky of your non-dominant hand?

fmax30 over 11 years ago
Nice, the Mythbusters did this in their fingerprint scanner episode, although they didn't have the iPhone5s but I am sure the same principle/technique would work.

thatha7777 over 11 years ago
A further argument against biometrics, for those in the United States, is that your "right to silence" (under the 5th amendment) doesn't protect you against the government compelling you to use your fingerprint to unlock something (however it does protect you against revealing a PIN code)...

yohann305 over 11 years ago
These findings would have been more surprising if the fingerprints were taken from the phone itself!

shawkinaw over 11 years ago
Let's think about the real point of Touch ID technology. Is it to secure your phone against high-tech criminals with a lot of time and resources? No; it's to give you enough time to realize your phone is gone and remote wipe it via iCloud.

bdcravens over 11 years ago
We see him register his index finger. Then he places his supposedly artificial index finger on his middle finger, and the phone unlocks.

Since it uses RF and goes beyond the outer layer of skin, how do we know that the middle finger wasn't already registered?

danpalmer over 11 years ago
I'd be interested on people's opinions, is this more or less secure than a 4-digit passcode?

From a real security perspective, users should have an alphanumeric password, as far as I know, businesses often enforce this.

Obviously a 4-digit code is easy to brute-force on a computer, but it requires far more technical knowledge to do so - booting custom firmware, using some script to brute force, etc, and if the attacker doesn't have the skills, they are limited to 10 tries, maybe more after waiting a few minutes or an hour.

It seems to me that, excluding users leaving smudges on their screen and seeing the passcode that way, a fingerprint is even easier to break than a 4-digit passcode.

cowsandmilk over 11 years ago
> The method follows the steps outlined in this how-to with materials that can be found in almost every household

I own almost none of the materials they list. They have a very different idea of what materials can be found in almost every household.

jccc over 11 years ago
[Regarding the point that this is only supposed to be convenient for users, not to be unhackable...]

Today: "Fingerprint scanning on my phone ... that's super convenient."

Tomorrow: "Fingerprint scan required by government ... oh well, I already use that on my phone."

FTA:

*"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access." Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown.*

*iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team. Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands.*

confluence over 11 years ago
This is fairly unsurprising to anyone with even a modicum of understanding as to how these sensors actually work and the decade long history of researchers breaking them with Photoshop, gummy bears, latex and spit. What concerns me more is the claims they make about the "secure enclave". Maybe I'm just paranoid, but historically if data does exist, then it will be abused. The TouchID sensor, coupled with its strong bullshit security claims by Apple, in addition to the claims made about how data is never sent by Apple because of the "secure enclave", makes me think that this would be a very convenient way to create a global voluntary fingerprint database tied to every aspect of everyone's identity without freaking anyone out. If a government were to release something like this, they'd be sued into the ground and screamed against for breaking core privacy covenants. But when Apple does it, it's just brilliant and revolutionary.

Reasonable technically informed paranoia is what made the NSA releases fairly unsurprising to me as well. My rule with security is that if it can be done, then it will be abused. It's basically a Murphy's law for humanity.

Trust nothing. Trust no one. Doubt everything.

abritishguy over 11 years ago
Some people seem to be forgetting what this is being used for.

This is an OPTIONAL replacement for the pass code.

However you feel about its level of security it is definitely more secure than a passcode which is the other option.

If someone wanted to target you for whatever reason then how long would they have to follow you with a high zoom camera before they would see you type the passcode in? The passcode/touch ID is to stop opportunistic unlocks not a determined attacker.

countrybama24 over 11 years ago
If you're really concerned about this, just register part of the finger that isn't the tip, and get in the habit of smudging the home button afterwards. I usually only touch the phone with my finger tips or palm, and you could register, for example, a part of the finger under the knuckle that almost never touches the device except to authenticate the print.

Of course if CCC knows which finger was registered, AND has a perfect print left on the device AND they know which print corresponds to the finger registered on the device, of course they can crack it. But if they have to guess which print on the device cracks it, I'm willing to bet they trigger the 5 failed attempts which then requires a passcode (and 10 failed attempts wiping the phone, although this is optional).

This means there are more than 10 options (which finger AND what part of each finger) you could use as a print. The oft cited scenario of police being able to compel you to input your print assumes they know what part of your hand unlocks the phone. They can't make me divulge the part of my hand that's registered just like they can't make me divulge my password.

EpaL over 11 years ago
Important to remember Touch ID only gives you 5 tries before *requiring* the device passcode.

I wonder how many attempts the CCC guys had before they were successful?

stesch over 11 years ago
Just in time. Who knows how long these research projects stay legal in Germany.

s_q_b over 11 years ago
iOS security is trivial to break if you have physical access to the device. TouchID (and passcodes) should be considered little more than a convenience, not a serious security measure.

adamconroy over 11 years ago
It is amusing to see thousands of unpaid Apple PR workers spring into action, making sure no critical comment exists without a defence. Perhaps they feel their credibility is on the line, given how often they have sermonised on the genius/quality/beauty of their electronic device manufacturer of choice.

ForFreedom over 11 years ago
According to the adverts by Apple they specifically select certain points on the finger print and analyze then permit access. If such a technology is broken then I would assume their encryption on the A7 chip where the fingerprint is stored also can be broken.

If lots of people do not use passwords on their phones for the sake of comfort then it is not anyone's fault that their phones are logged into or information stolen. Information is stolen because the user is lazy to secure the device.

When Apple says one can use finger print to do transactions then I have to assume that the transaction cannot be done by anyone other than me and by any other means through the phone.

malandrew over 11 years ago
I want to see this exact attack repeated based entirely on the fingerprints left on the device itself. It's an all glass surface and we leave fingerprints everywhere, including on the device itself. If you are literally leaving the key all over the screen itself, this is pretty damning. I wouldn't be surprised if an entire photograph of all the partials all over the screen could be used to reconstruct one full fingerprint of the desired digit.

Now that this type of security is on the iPhone, it is likely to become widespread, which will only further increase the value of improving attacks on this particular security measure.

tambourine_man over 11 years ago
*First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.*

Yeah, easy as pie.

Finger chopping should be added to this xkcd:

Security:

http://xkcd.com/538/

Marazan over 11 years ago
The amount of kool-aid drinking about TouchID in this thread: https://news.ycombinator.com/item?id=6403089 is pretty staggering.

runn1ng over 11 years ago
Looking at the video is very unsettling. I think the person needs some medication or something.

http://www.youtube.com/watch?v=HM8b8d8kSNQ

moocowduckquack over 11 years ago
Potential side effect of TouchID: Due to the mass marketing of this feature it becomes cool for people to learn how to copy fingerprints, causing a massive headache for forensics teams everywhere.

Cbasedlifeform over 11 years ago
Wouldn't it be ironic if the new iPhone 5S camera had a high enough resolution to take the photo of another user's fingerprint off the screen of his or her phone? ;)

anizan over 11 years ago
Don't panic! This loophole is easy to fix if AAPL gives free mittens (cuter than gloves) to its users with clear instructions to take them off only when unlocking the phone.

matdrewin over 11 years ago
Much more convenient than a passcode with a little less security. I'd still use it unless I was a CIA agent.

joakleaf over 11 years ago
So the big question is, how hard is it to get a 2400 DPI finger print?

They don't show if they can scan the finger print off the phone. I would imagine that it could be quite tricky to get that level of resolution.

I would like to see a complete hack purely based on a finger print on the phone.

dbg31415 over 11 years ago
The comment was made, "It's not for people who care about security, it's about people with no security."

But poor security just replaces no security with a fake sense of security. I'd argue that false security is worse than no security.

spyder over 11 years ago
Can the fingerprint reader work with other parts of your hand? For example if you can use the back of your finger or part of your palm then it could be a little more secure because you don't leave the prints of these everywhere.

Fourplealis over 11 years ago
Guys from IsTouchIDHackedYet.com crowdfunded a reward for hacking TouchID. I guess CCC won a bounty worth over $10k. http://istouchidhackedyet.com/

seanmcdirmid over 11 years ago
I've seen plenty of people "hack" the 4 digit password simply by observing the user entering it. This kind of hacking seems to involve even more work than that.

therandomguy over 11 years ago
So much more secure than my house or car? Looks like it. Also probably buys me enough time to realize that my phone is missing and do a remote wipe.

001sky over 11 years ago
It is a Touch screen !

YOUR FINGER PRINTS ARE ON THE PHONE...

Don't lose it !! =D

frank_boyd over 11 years ago
Demo: (only 1 min)

http://www.youtube.com/watch?v=HM8b8d8kSNQ
KamiCrit over 11 years ago
At this rate, no method of security is secure.
ruttiger over 11 years ago
This will end Poopin' tweets. http://poopinrules.com
anmalhot over 11 years ago
Even though it was almost expected to be bypassed easily, using fingerprints can still be handy if one wants to establish claim on a device. I believe the thinking was to provide a way to uniquely link the device to an entity - security was just a byproduct (but marketing trumpeted it).
jchimney over 11 years ago
It's an improvement. The typical pass has 4 characters so 10,000 possible combinations. Doing about 1 per second would find the password in the worst case scenario in about 3 hours; simply by trying all possible combinations.

I think trying to lift a usable fingerprint off a glass surface would be significantly more difficult than that.
Navarr over 11 years ago
Were people saying that this was secure? I thought it was just another fancy unlocking method like Google's "use your face to unlock"
rashthedude over 11 years ago
Cable salad is healthy.
JoachimS over 11 years ago
(Huge discussion here - let's add to it. ;-)

There are several things here that people in the discussion seem to miss and confuse. I've been working with biometrics and can at least try to clear things up.

For authentication (and identification) of a user we have three types of information: Things you have (a hard token generator), things you know (password) and things you are (shape of face, gait, voice, pattern in the iris, arteries in the back of the eye, hand, DNA. And fingerprints). Measuring what you are info and using it is called biometrics.

For good security we normally want to have a combination of at least two of the types. OpenID using for example a Yubikey is a good example.

The good thing with biometrics is that the user always carries the info needed with him/her. There are a few drawbacks though:

(1) The information is not very stable. It changes during the lifetime of the user. Sometimes it can be pretty rapid.

(2) The information is not very unique. Some types of biometrics are better than others. There are also differences in informational quality between individuals and ethnic groups. Depending on type of biometrics we get anything from a few bits to a few tens of bits. This means that it is not better than a good password that is 8 characters or more, but as good as or a bit better than a normal PIN code.

(3) The information is not under the user's control and can't readily be replaced. *This* is one thing many here and elsewhere seem to have missed in the CCC announcement. The point is that you as a user can't decide at any given time that you don't trust your token anymore, invalidate it and get a new token. That is why biometrics is foremost a tool _for others_ to identify you (passports, forensics).

The reason fingerprint based biometrics is so popular (compared to other types of biometrics) is that it is possible to build compact, cheap sensors that are pretty easy to use and are simple to integrate into digital systems.

All types of biometrics are fuzzy. We normally talk about False Acceptance Rate (FAR), that is how often do we accept a biometric ID as valid when in fact it is not. And correspondingly we have False Rejection Rate, where a valid ID is rejected. Good biometric systems have FAR, FRR under 10%. But for a busy airport there is still quite a few mistakes during a day.

The way a fingerprint based biometric system normally works is that you have a sensor that creates an image (256 levels of gray scale or similarly). The image is then processed (differential filters etc) followed by feature extraction. The features are called minutiae:

https://en.wikipedia.org/wiki/Minutiae

Typically sworls, where lines end, merge or split. Normally we find 8-10-15 or a few more good minutiae in the image. Based on the location of the minutiae we create a graph.

The graph is then stored (if registering a user - called enrollment) or compared to stored graphs. And here comes the fuzziness. The graph will not be similar so we simply can't do a SHA-1 digest and match. The graph will be rotated, scaled, stretched, have fewer or more points. Basically fuzzy congruence matching with threshold.

The feature extraction can be done directly in the sensor. But in the case of TouchID I don't think so. Apple bought Authentec and their area sensors (that can capture a whole image directly. Sweep sensors detect movement of a finger over the sensor, estimate speed and stitch image slices together) simply delivered a raw image. This means that the filtering, feature extraction and matching is done inside A7.

Apple has touted the security of the processing. Basically it is ARM Trust Zone used in several other devices.

http://www.arm.com/products/processors/technologies/trustzone.php

TZ is good, but there have been attacks published. And there is nothing that says that Apple has not added a read port from the untrusted enclave into the memory of the trusted enclave. For efficient debug reasons for example.

So. Biometrics is fuzzy and will give false acceptance (as the main problem. Rejection is less of a problem). There is quite probably an image available in the A7 and we really don't know if it and/or the graph database is in fact accessible.

When it comes to the CCC attack - we simply don't know if they tried lower resolution before ending up with 2400 dpi. I wouldn't be surprised if it works (at least sometimes - fuzziness again) with lower resolution. Also, attacks always get better. I'm prepared to bet a good IPA that someone within 2 years will show how he/she can unlock a 5S just by smartly pressing on the home button while breathing to activate residue as fingerprint. It has been done with area sensors such as Authentec's before.

TouchID is good if it makes users without a PIN use it. But if it gets users with PINs to stop using PINs, it is not as good. What would be great is if we could combine TouchID with PIN or password. All the time.

I hope all this explains a few things. And remember, once again, the main problem with biometrics is that it can't be changed at will by the user. Good for others, less so for the user.
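The comment above describes why a digest comparison cannot match fingerprints and why a fuzzy match with a threshold trades FAR against FRR. The sketch below is an added illustration, not part of the comment and not Apple's or AuthenTec's algorithm: the minutiae coordinates are constructed, the function names are hypothetical, and the matcher handles only rotation, translation, noise and missing points.

```python
import cmath
import hashlib
import random
from itertools import permutations

# Constructed enrolled template: 8 minutiae as complex (x + yj) pixel positions.
TEMPLATE = [30+40j, 55+120j, 90+65j, 120+150j,
            150+30j, 170+95j, 200+140j, 60+170j]

def digest(points):
    """Exact-match approach: SHA-1 over the serialized minutiae."""
    return hashlib.sha1(repr(points).encode()).hexdigest()

def rescan(points, angle, shift, jitter=0.0, drop=0, rng=None):
    """Simulate a later capture: finger rotated, shifted, noisy, minutiae lost."""
    rng = rng or random.Random(0)
    noise = lambda: complex(rng.uniform(-jitter, jitter), rng.uniform(-jitter, jitter))
    return [p * cmath.rect(1, angle) + shift + noise() for p in points[drop:]]

def match_score(template, probe, tol=4.0):
    """Best fraction of template minutiae covered under any rigid alignment."""
    best = 0
    for a, b in permutations(template, 2):
        for c, d in permutations(probe, 2):
            if a == b or c == d or abs(abs(b - a) - abs(d - c)) > tol:
                continue  # this pair cannot be the same two minutiae
            rot = (b - a) / (d - c)
            rot /= abs(rot)  # rotation only, no scaling
            moved = [a + (z - c) * rot for z in probe]
            hits = sum(any(abs(t - m) <= tol for m in moved) for t in template)
            best = max(best, hits)
    return best / len(template)

def far_frr(genuine, impostor, threshold):
    """False acceptance and false rejection rates at one decision threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

if __name__ == "__main__":
    rng = random.Random(2013)  # fixed seed so the constructed scans repeat
    genuine = [match_score(TEMPLATE, rescan(TEMPLATE, rng.uniform(-0.5, 0.5),
               20+10j, 1.5, rng.randrange(3), rng)) for _ in range(20)]
    impostor = [match_score(TEMPLATE, [complex(rng.uniform(0, 220),
                rng.uniform(0, 200)) for _ in range(8)]) for _ in range(20)]
    print("exact digest match:", digest(TEMPLATE) == digest(rescan(TEMPLATE, 0.3, 25-10j)))
    for th in (0.4, 0.6, 0.8):
        print(th, far_frr(genuine, impostor, th))
```

Raising the threshold can only lower FAR and raise FRR, which is the tuning decision every deployed matcher has to make.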
rickjames28 over 11 years ago
*"Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."*

Yes
goggles99 over 11 years ago
Not really anything new here. This was done a decade ago when bio-metrics were shown to be a weak form of authentication/verification. Still, the iPhone scanner is a deterrent and thus adds value.
cremnob over 11 years ago
Overall security will be increased because of Touch ID because most people don't use a pass code at all.
Siecje over 11 years ago
He is still using his finger behind the tape....
2muchcoffeeman over 11 years ago
Despite all the claims of how insecure this is, I've just checked a bunch of my stuff. I cannot find a single clear print. There are a few smudged prints on my laptop and coffee cup. My phone is just smudges all over.

So what is a realistic way to clandestinely grab a print?
yeukhon over 11 years ago
I am not impressed by this so-called hack at all. This is like people expecting encryption to solve both authenticity, integrity and confidentiality altogether by doing c = E(p,k). We want to see a real hack, as in actually bypassing the system without any fingerprint, or a way to forge a fingerprint.