×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Crowdfunded Bounty For Hacking iPhone 5S Fingerprint Authentication

Unknown Lamer posted about 7 months ago | from the good-luck-with-that dept.

Iphone 148

judgecorp writes "There's more than $13,000 pledged for a crowdfunded bounty for bypassing an iPhone 5S's fingerprint reader. The bounty, set up by a security expert and an exploit reseller, requires entrants to lift prints 'like from a beer mug.' It has a website — IsTouchIDHackedYet — and payments are pledged by tweets using #IsTouchIDHackedYet. One drawback: the scheme appears to rely on trust that sponsors will actually pay up." Other prizes include whiskey, books, and a bottle of wine.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

148 comments

Why bother. (2, Funny)

stewsters (1406737) | about 7 months ago | (#44895561)

With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.

Re:Why bother. (5, Funny)

alen (225700) | about 7 months ago | (#44895595)

if you live close to a wal mart chances are your victim will have a gun and can defend him or herself

Re:Why bother. (4, Funny)

i_ate_god (899684) | about 7 months ago | (#44896111)

Walmarts exist in Canada too

But then again you wouldn't expect a Canadian to do such a brazen hack. Rather the Canadian would ask the other Canadian politely if they could use their phone, then quickly hop on their moose and ride off with it.

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44896653)

Re:Why bother. (1)

K. S. Kyosuke (729550) | about 7 months ago | (#44897007)

Bah. I find it fascinating that the family of the victim sued for $150k for their son having gotten mutilated and his eyes eaten, while two passengers apparently sued for $3M each for having witnessing it, which I'm sure is so much more damaging.

Re:Why bother. (1)

Anonymous Coward | about 7 months ago | (#44896301)

but more likely shoot some innocent people in the area.

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44896851)

1.Get the iphone owner drunk, no need to cut off anything.

or

2. Kids will wake before parents and grab parents iphone and then get the sleeping owner finger to play their games.

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44895709)

Reports indicate that won't work, so it would be more useful to use the machete to threaten the victim with amputation unless they unlock their phone.

Re:Why bother. (1)

h4rr4r (612664) | about 7 months ago | (#44896353)

Reports are wrong.
1. for several minutes it would be basically still alive
2. The threat of finger removal will get the phone unlocked in 99.99% of cases.
3. you can always skin the finger and wear it like a glove.

Re:Why bother. (1)

Penguinisto (415985) | about 7 months ago | (#44897339)

Err, some thoughts here:

1) The vast majority of smartphone thefts are 'smash and grab' jobs - that is, some dude gets his phone jerked out of his hand by some criminal already moving at a high rate of speed.

1a) Why? Because every second spent threatening the victim, watching him fumble through the unlock, etc, is another second more that the criminal can be identified, remembered, etc (not just by the victim, but by companions and passerby). It's also one more second for the victim (if suitably armed) to recover from the initial shock, and quietly reach for his own weapon. A $600 phone that one can fence for maybe $300-$400 at best isn't really worth those kinds of risks; most criminals are at least smart enough to know this (which is why most of them do the whole smash-and-grab thing in the first place.)

3) Great - you (the criminal) got the phone and it's unlocked. Now what if it takes some extraordinary measure to get the fingerprint ID changed on it (e.g. only the carrier or it's representative unlocks it, etc)?

Now yeah - if the reward for successfully stealing the phone and getting into it is great enough (e.g. the thing contains secret launch codes or some other fantastic nation-state-sized thing), *nothing* short of destroying the phone will stop you from finding a way into the device. However... this is a consumer device. It may have (at most) a banking app on it (which will require a password anyway), but is otherwise going to be largely useless. If it's used in BYOD (or even a full employer-provided phone) for work, ActiveSync (or whatever) will render at least that bit useless less than five minutes after the victim reaches another phone to call his/her employer and have it wiped.

Long story short? Yeah, it *can* be done, but the risks quickly outstrip the rewards.

==

As for TFA? Cool... now which finger? I never use an index finger for any biometric device... ever. That still leaves 8 to pick from if you want to lift my prints. If the thing locks solid after, say, 5 attempts? Well, your odds aren't exactly perfect, now are they?

Re:Why bother. (2)

ShanghaiBill (739463) | about 7 months ago | (#44895803)

With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.

Nope. The iPhone, like most modern fingerprint scanners, requires a pulse. A severed finger won't work.

Re:Why bother. (2)

stewsters (1406737) | about 7 months ago | (#44895871)

Doesn't matter. if you tell the person you are going to chop off their finger and have a machete on hand to do it, they most likely will want to reset their password for you.

Re:Why bother. (2)

geek (5680) | about 7 months ago | (#44895975)

Yes, and if you hold a gun to their head and make them do things you'll have broken their security. Seriously? Apple is damned if they do and damned if they don't with people like you.

Yes people may force their victims to do this, no it's not likely to be common. The point of the finger print reader isn't to somehow, mystically prevent an armed robber from getting into your shit. Its to keep purse snatchers and pick pockets from getting in as well as keeping it moderately secure should you forget it at a bar or airport.

Re:Why bother. (2)

mlts (1038732) | about 7 months ago | (#44896117)

I wonder when devices will start having a duress code where if swiped one way, the device opens normally. Swiped another way, device opens, but yet calls the local popo and reports a holdup in progress.

Even my 13 year old house alarm has that.

Re:Why bother. (1)

Quila (201335) | about 7 months ago | (#44897189)

That would be nice. Right thumb for normal operation, left middle finger (or one you'd never accidentally use) to come up with some generic looking data that'll get you off the hook, while your real data is wiping in the background.

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44897305)

I've not understood why duress codes are not present in more systems. For example, if overseas and the local police demand access to your company's username and password as part of a "routine" search.

This is stuff from the Security 101 guides from the early 1980s when numeric keypads were being placed on doors before HID badges became the norm.

It seems we have forgotten actual security these days, and what it means...

Re:Why bother. (1)

Kielistic (1273232) | about 7 months ago | (#44896167)

I don't think anybody is damning Apple for this. Especially not the original post that was just making a pun on the word hack.

Re:Why bother. (2)

ackthpt (218170) | about 7 months ago | (#44895949)

With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.

Nope. The iPhone, like most modern fingerprint scanners, requires a pulse. A severed finger won't work.

Arr, ye be only needin' a batt'ry and wires fer ye pulse o' a sev'red finger, matey. ox)P-)

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44896115)

So just cut off the tip and put it over your finger, which has a pulse.

Re:Why bother. (3, Interesting)

CastrTroy (595695) | about 7 months ago | (#44895973)

Personally, living in Canada, I wish they would stop coming up with inventions that don't work in the winter. First, it's capacitive touch screens that won't work with regular gloves. Now we have special gloves with a special material on the fingertips so that you can use your tablet/phone with gloves. Then there's eBook readers, which advertise as being still readable in sunlight, but if the screen gets too cold, they don't refresh properly. Now they have fingerprint readers on the phone. So I have to take my gloves off, just to make a phone call. I'm tired of my hands getting cold!

Re:Why bother. (2)

noh8rz10 (2716597) | about 7 months ago | (#44895997)

why don't you get those gloves that don't have fingers, or take a glove and cut off one finger?

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44896119)

or take a glove and cut off one finger?

And then you sew the finger on to the glove. Brilliant!

Re:Why bother. (2)

Kielistic (1273232) | about 7 months ago | (#44896225)

You underestimate how cold it is in some places / times. Some times you want full-on mittens because gloves of any kind are too cold.

Re:Why bother. (1)

noh8rz10 (2716597) | about 7 months ago | (#44896733)

you could have a mitten with a hole that you poke your finger through. I am having all the answers today!

Re:Why bother. (3, Interesting)

Kielistic (1273232) | about 7 months ago | (#44896783)

Holes are known for their efficiency at losing heat. If frostbite is a concern do not poke holes in your insulation!

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44897015)

Using my Galaxy S4, I can turn on extra sensitivity and use it as normal while wearing gloves. Sorry you want an apple :S

Re:Why bother. (1)

Dixie_Flatline (5077) | about 7 months ago | (#44897325)

You don't have to use the scanner. You can use the passcode any time you like. I keep my phone in my pockets in the winter as much as possible, personally. If I really need to make a phone call, well, it's probably pretty important to force me to contemplate doing it at -30C anyway, so I'll take my glove off for 3 seconds.

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44896069)

Better yet, just go to Wal-mart and hack and shoot everyone showing off their new iphone.

I think that would be more fun than Pizza, Grand Theft Auto 5, and Goatse x.

USA USA USA!!

Re:Why bother. (0)

Anonymous Coward | about 7 months ago | (#44896105)

With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.

This is EXACTLY why I hate this kind of biometric authentication - for the sufficiently motivated person or organization, this is the easiest kind of security to defeat - all they have to do is cut a finger (or gouge an eye, if it's cornea scanning).

Re:Why bother. (1)

Anonymous Coward | about 7 months ago | (#44896217)

No, all they have to do to defeat this, and, any other system, is threaten any of the above, with a reasonable belief that it's true.

Re:Why bother. (1)

l0ungeb0y (442022) | about 7 months ago | (#44896189)

A fingerprint is not all that is required, the appendage leaving the impression must also have a faint electric signature only found in living tissue.
So it seems a severed finger would only serve to smudge the glass display.

'like from a beer mug' (2, Insightful)

Culture20 (968837) | about 7 months ago | (#44895569)

Or from the iPhone itself.

Re:'like from a beer mug' (4, Informative)

De Lemming (227104) | about 7 months ago | (#44895729)

As was explained in the Apple keynote, a capacitive (not optical) sensor is used, which scans sub-epidermal skin layers. So lifting a fingerprint will not work.

Here is an extensive explanation [macworld.com] of the technologies used.

Re:'like from a beer mug' (5, Interesting)

chihowa (366380) | about 7 months ago | (#44896039)

That's not an extensive explanation of how the technology works. The only description of how the sensor works from that article is this:

A capacitance fingerprint reader leverages a handy property of your skin: The outer layer of your skin (your dermis), where your fingerprint is, is non-conductive, while the subdermal layer behind it is conductive. When you touch the iPhone’s fingerprint sensor, it measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, and it uses those measurements to form an image..

So it's still measuring your fingerprint as made up of ridges and troughs, just using conduction instead of optics. So you lift a fingerprint from a glass, etch it onto a conductive substrate (that matches the dermis roughly) and put it on the sensor.

The sensor is likely looking at a fairly wide range of relative conduction between the ridges and troughs, so that it will work if your fingers are oily or sweaty or cold, so you wouldn't need to perfectly match the conduction of the user's actual finger.

Re:'like from a beer mug' (1)

Solandri (704621) | about 7 months ago | (#44897033)

My dad has abnormally dry hands and a thin (as in not very high) fingerprint ridge layer. He hates typing passwords so uses the same short password on everything. A few years ago I got him a Thinkpad with a fingerprint scanner in hopes of beefing up his security without much additional effort.

The scanner only works about 10% of the time on him. He doesn't use it because of the high failure rate. This tells me that although the tech may read some of its data from the interior structure of the finger, the majority of its functionality depends on the fingerprint ridges themselves. (And yes it's the same technology. Apple bought Authentec in 2012, Authentec bought UPEK in 2010, and UPEK made the fingerprint scanners for the Thinkpads.)

Re:'like from a beer mug' (1)

Dixie_Flatline (5077) | about 7 months ago | (#44897357)

If you're putting that much effort into hacking into my phone, well, you'd get my data no matter what I did. Frankly, I think you'd be better off packet sniffing my cellular traffic or something.

Why are you so interested in my phone that you want to lift my fingerprints onto a conductive substrate and force my phone open? What data do you think I keep on my phone that's worth so much? Once I notice my phone is gone I'm just going to remote wipe it anyway, and you can't turn THAT off without the code that I have memorised. Wait, you know that code? Well in that case you DIDN'T NEED MY FINGERPRINT AT ALL.

Re:'like from a beer mug' (0)

Anonymous Coward | about 7 months ago | (#44896071)

Your argument appears to be that this is a new technology, thus it won't succumb to the vulnerabilities of the previous generation. Even ignoring heretofore-unknown, new attacks, this has yet to be shown. As an example of why this isn't always true: Java run everything in a VM, thus it can't have security issues.

I'll point out a new vulnerability for you: fingerprint scans are much easier to rubber-hose out of people than passwords.

Re:'like from a beer mug' (0)

Anonymous Coward | about 7 months ago | (#44896085)

As was explained in the Apple keynote, a capacitive (not optical) sensor is used, which scans sub-epidermal skin layers....

In other words, pressing down too lightly on the reader during an election year will result in a hanging eChad and failure to validate.

Citation does not back up your claim (1)

amaurea (2900163) | about 7 months ago | (#44896087)

The source you site seems to be saying the opposite of what you claim:

When you touch the iPhone’s fingerprint sensor, it measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, and it uses those measurements to form an image..

Those raised parts of the fingerprint are exactly the ones that deposit fat stains on every surface you touch.

Of course, it is possible that the macworld article is misleading, and that the fingerprint reader reads some other pattern after all. If so, it would be nice to see a source that backs that up. This has been brought up in previous slashdot discussions too, but I have never seen any evidence backing it up, even after explicitly asking for it.

Re:'like from a beer mug' (0)

Anonymous Coward | about 7 months ago | (#44896141)

It's been done.

Lift fingerprint.
Print by a laser printer to make a mold.
Pour jello onto the printout.
Lift jello to have "finger" that works on "a capacitive (not optical) sensor."

https://www.google.ca/search?q=jello+mold+fingerprint

utter nonsense (-1)

Anonymous Coward | about 7 months ago | (#44896213)

while the 'lifted' print cannot be used directly with such a sensor, it can be used to cheaply create a 'replica' fingertip using the usual moulding techniques. It is simply a matter of finding the materials that fool the sensor. Rather like how one can buy stylus input devices for capacitive displays.

Of course, it is the work of paid shills to post "our security measures are flawless, and you sheep have nothing to worry about". This even still applies to the ordinary police use of fingerprint evidence- evidence that is utterly trivial to fake, and yet a single fingerprint alone can still send a person to prison for life.

The real purpose of the sensor is to gather fingerprint data for the NSA. The NSA is now such a bloated runaway monolith, it has every significant company in its pocket vying to find new ways of expanding the 'total surveillance' society. Most of this data is collected simply because it can (and has NOTHING to do with stopping crime or 'terrorism'), but that doesn't prevent depraved individuals finding nefarious uses for the information sometime down the line.

Re:'like from a beer mug' (0)

Anonymous Coward | about 7 months ago | (#44896369)

As was explained in the Apple keynote, a capacitive (not optical) sensor is used, which scans sub-epidermal skin layers. So lifting a fingerprint will not work.

Here is an extensive explanation [macworld.com] of the technologies used.

Yes, because claims by the manufacturer and related sites that the technology is unbreakable have always stopped hackers. </sarcasm>

Re:'like from a beer mug' (0)

Anonymous Coward | about 7 months ago | (#44896567)

Here: PPT Doc [zvetcobiometrics.com] is a powerpoint of a presentation on the technology from AuthenTec... the company that created this technology from mere months before Apple bought them.

It is as in-depth as one would want.

Re:'like from a beer mug' (1)

ModernGeek (601932) | about 7 months ago | (#44897047)

I'm not sure if it does this, but another good layer of security would be to require the passcode after maybe two failed fingerprint attempts.

Re:'like from a beer mug' (-1)

Anonymous Coward | about 7 months ago | (#44895769)

Follow the conversation on Twitter using the hashtag #ActOnClimate

Morons (1)

Anonymous Coward | about 7 months ago | (#44895591)

Apple has already pointed out that the fingerprint sensor will deliver a false-positive approximately 1 time in 50,000 (which they correctly point out is five times more secure than a four digit passcode which can be guessed 1 time in 9,999 attempts). Further, it's already been covered to death that the fingerprint sensor does not read the outer layer of skin and thus lifting a fingerprint from a beer mug will NOT work (despite the internet's intent to claim that it will...).

There's so much stupid surrounding this that it hurts my brain...

Re:Morons (2)

phantomfive (622387) | about 7 months ago | (#44895665)

Apple has already pointed out that the fingerprint sensor will deliver a false-positive approximately 1 time in 50,000

Presumably they are going to require repeatable results....

Re:Morons (1)

K. S. Kyosuke (729550) | about 7 months ago | (#44895741)

the fingerprint sensor does not read the outer layer of skin and thus lifting a fingerprint from a beer mug will NOT work

You mean that it can correctly identify whether the shape it reads is a natural pattern on the finger or a living human being, or whether it's some sort of synthetic replacement, regardless of the millions of combinations of materials and structure that come to one's mind?

Re:Morons (1)

FrankSchwab (675585) | about 7 months ago | (#44895883)

There's so much stupid surrounding this that it hurts my brain...

Well, as an expert in the field, I have to say that you've taken way too many internet postings as gospel.

This contest will be won quickly and easily. /frank

Caimed to death, but not backed up (3, Informative)

amaurea (2900163) | about 7 months ago | (#44896173)

What is your source for claiming that the sensor reads a different pattern than the normal fingerprints you leave behind? A capacitive fingerprint reader works by measuring the difference in capacitance between the ridges and valleys of your fingerprint. In the ridges, the distance to the more conductive layers beneath the skin (the sub-dermal layers you've heard about) is greater than in the valleys, which gives these regions higher capacitance. I guess the pattern you get this way could be different from the visible fingerprint if the underside of the skin has a significant, different pattern than the overside, but I have not heard that that is supposed to be the case.

To simplify things a bit, the much touted sub-dermal layers work as a sort of capacitive back-light which highlights the differences in thickness of the fingerprint above it. It is, to the best of my knowledge, simply another way of measuring the same fingerprint we see when we look at our fingers.

Small correction (1)

amaurea (2900163) | about 7 months ago | (#44897331)

Higher distance gives lower capacitance, not higher. This does not change the argument, though.

Broken on first day (0)

Misagon (1135) | about 7 months ago | (#44895629)

I would not be surprised if someone would have broken it within mere hours after they have become available.

How long does it take to etch a PCB (mould) and how long does it take for gelatine to cool down (finger cast)? (The method that Mythbusters used)

Re:Broken on first day (1)

glennrrr (592457) | about 7 months ago | (#44895661)

I wonder if the sensor could be trained to recognize an inanimate object like a casting of my finger. Then I could say "see this casting bypasses the security".

Re:Broken on first day (0)

Anonymous Coward | about 7 months ago | (#44895781)

Re:Broken on first day (1)

noh8rz10 (2716597) | about 7 months ago | (#44896009)

yes, but only the cat can unlock it! actually i don't know, if one cat is registered can others unlock it as well?

Re:Broken on first day (0)

Anonymous Coward | about 7 months ago | (#44897477)

Yes, if they're registered too. I recall they (Apple) said you could register up to 5 or 10 (?) different prints in order to allow multiple people to unlock the same device.

Re:Broken on first day (1)

Anonymous Coward | about 7 months ago | (#44895721)

I'm pretty sure the fingerprint sensor does not scan the outer layer of skin, but the sub-dermal layer. Why would you think that taking a cast of the outside of the finger would work?

Re:Broken on first day (0, Insightful)

Anonymous Coward | about 7 months ago | (#44895725)

Does.

Not.

Work.

Gawd, you're a geek that reads Slashdot. Please invest just a minor amount of effort to learn how a significant new feature from one of the most influential tech companies works. It's not hard - it's been discussed extensively virtually everywhere.

Re:Broken on first day (-1)

Anonymous Coward | about 7 months ago | (#44895735)

I wonder if I can use my wang

Re:Broken on first day (3, Insightful)

ShanghaiBill (739463) | about 7 months ago | (#44895941)

How long does it take to etch a PCB (mould) and how long does it take for gelatine to cool down (finger cast)? (The method that Mythbusters used)

The Mythbusters episode was from 2006, and was done on a sensor that was even older. Technology improves. In a decade, it can improve a lot. Their technique would almost certainly not work today. Apple's sensor requires a pulse, and detects deep skin layers that do not show up on a lifted fingerprint.

Re:Broken on first day (1)

Terrasque (796014) | about 7 months ago | (#44897255)

Didn't the manufacturer make similar claims about the Mythbusters lock too? That turned out to be hogwash.

Let's wait and see how it actually works.

Re:Broken on first day (3, Informative)

sootman (158191) | about 7 months ago | (#44896677)

> How long does it take to etch a PCB (mould) and
> how long does it take for gelatine to cool down
> (finger cast)?

I don't know. How long does it take to use Google and learn that your method won't fucking work? [tuaw.com]

Re:Broken on first day (0)

Anonymous Coward | about 7 months ago | (#44897153)

So I need to apply current to the gelatin and let the surface of it dry out?

You can just enter the passcode. (1, Interesting)

jcr (53032) | about 7 months ago | (#44895635)

Didn't these clowns watch the keynote?

-jcr

Re:You can just enter the passcode. (4, Funny)

maccodemonkey (1438585) | about 7 months ago | (#44895795)

Didn't these clowns watch the keynote?

-jcr

I am totally shocked someone in the tech industry would launch a project without fully understanding the original problem. SHOCKED I SAY.

Re:You can just enter the passcode. (0)

Anonymous Coward | about 7 months ago | (#44896097)

Didn't these clowns watch the keynote?

-jcr

I am totally shocked someone in the tech industry would launch a project without fully understanding the original problem. SHOCKED I SAY.

Yeah, especially with Apple products. I mean, no one overreacts with those, right?

Wait, what the fuck do you mean people are in line already?!?

Re:You can just enter the passcode. (1)

thue (121682) | about 7 months ago | (#44896023)

The problem is that the fingerprint scanner could create a false sense of security.

Not the usual sort of fingerprint reader. (0)

Anonymous Coward | about 7 months ago | (#44895751)

From apple's marketing material the device claims to be a capacitive fingerprint reader and not the optical sort. This is the first I've ever heard of anything like that.

Supposedly it's not vulnerable to lifted fingerprints from other surfaces because it's able to capture sub-dermal characteristics that are not left behind on a fingerprint you'd find on something like a beer mug. So its less a fingerprint reader, and some sort of deep finger scanner.

I'm not sure why this is a big deal either, because historically it's been easy to attack a phone, iphones included, via the usb port/dock/port/whatever. Security companies even sell handheld devices to cops that let them plug-and-play dump phones via said interface ports.

Of course I look forward to seeing what people can do. It will be interesting to see how apple's claims hold up. If what apple claims is true then everything is buttoned up and secured inside some security module in the main CPU. Sounds like you may need to do some JTAG hacking to see what's really going on.

Re:Not the usual sort of fingerprint reader. (1)

Daniel_Staal (609844) | about 7 months ago | (#44897019)

Apple's been working on the dock port problem as well: IIRC, Recent OS updates will alert the user if you plug into a device that attempts to treat the phone as a USB storage device (instead of a battery), and require the user to allow it. (After unlocking the screen, of course, which means if it's locked and requires a password or fingerprint, you need the password or fingerprint.)

It's not a high-security device by any means, but the obvious pitfalls are being taken care of. I don't expect this bounty to be particularly hard, but it's probably going to be beyond the average thief.

Drunk and passed out? (0)

Anonymous Coward | about 7 months ago | (#44895767)

Your finger is not.

Date rape drug, profit (0)

Anonymous Coward | about 7 months ago | (#44895785)

nothing more to say.

Scotch Tape (0)

klaasb01 (522394) | about 7 months ago | (#44895809)

Wouldn't the surface of the phone (front or back) be a good place to lift a print of the owner then transfer it to another medium so that you could use it on the phone?

Re:Scotch Tape (1)

Anonymous Coward | about 7 months ago | (#44895889)

No, because the iPhone 5S doesn't use an optical fingerprint scanner. It's using a capacitive sensor that measures capacitance of the skin and sub-epidermal layers of the finger. A simple image of the print won't fool it.

MacGyver already did it. (1)

Videospike (2897665) | about 7 months ago | (#44895811)

Season 2 Episode 1, "The Human Factor". Mac scrapes some gypsum dust off of a wall and blows it across the reader (a hand print reader, if I remember correctly) like one would dust for fingerprints. Then he wrapped his hand and pressed the reader - voila! It should work as long as the phone's owner doesn't remember to wipe down their fingerprint reader each time they use it.

Re:MacGyver already did it. (0)

Anonymous Coward | about 7 months ago | (#44895955)

It won't work since the fingerprint/epidermal layer isn't read by the sensor in the first place

Macworld contradicts you (1)

amaurea (2900163) | about 7 months ago | (#44896289)

From this macworld article [macworld.com] on the subject:

A capacitance fingerprint reader leverages a handy property of your skin: The outer layer of your skin (your dermis), where your fingerprint is, is non-conductive, while the subdermal layer behind it is conductive. When you touch the iPhone’s fingerprint sensor, it measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, and it uses those measurements to form an image..

A capacitor [wikipedia.org] works by having an insulator sandwitched between two conductors. The thinner the insulator is, the higher the capacitance. In the case of a capacitive fingerprint reader, the conductors are the reader itself on one side, and the subdermal layers on the other side. In between them, the skin works as an insulator. Hence, by measuring the capacitance, one is effectively measuring the thickness of the skin. I.e. the pattern of ridges and valleys visible on your fingers. This is the layer you claimed wasn't measured in the first place.

Re:Macworld contradicts you (0)

Anonymous Coward | about 7 months ago | (#44896765)

The context is the bounty. The bounty requires that a fingerprint be lifted from something. A fingerprint lifted from something only tells you where skin oil is left on that something. It only tells you touching and not touching, and not any thickness beyond that. The MacGyver scenario from the OP assumes that this is enough to give access. Now, "read" != "measured". The sensor does not read anything from the epidermal layer directly, thus simply having a fingerprint lifted from something will not give access. As you said, the epidermal layer is measure via the capacitance between the sensor and subdermal layers. This information cannot be obtained from a fingerprint lifted from something. GP and you are both correct but you just didn't fully think this through in the context of the OP and article

Re:Macworld contradicts you (1)

Quila (201335) | about 7 months ago | (#44897215)

And how does this defeat the RF scanner that looks only at the live tissue underneath?

Better bounty needed (1)

Sponge Bath (413667) | about 7 months ago | (#44895887)

If someone could find a way around this, it would be worth a lot more than the stated bounty to criminals.

Re:Better bounty needed (1)

Bob_Who (926234) | about 7 months ago | (#44895951)

Yeah, a whole hell of a lot better than honor among thieves and a low ball guarantee..

Crime pays better when dealing directly with Congress and lobbyists.

Easy (0)

sexconker (1179573) | about 7 months ago | (#44895961)

Dig up the corpse of Steve Jobs Chop off thumb. You now have access to every iPhone 5s.

I guarantee you there are back doors in place for that corpse.

FYI (0)

Anonymous Coward | about 7 months ago | (#44895983)

I don't know if it 'requires' a fingerprint in order to use the phone, But I will never purchase any device that does. I do however have some suggestions for hacks.

First, somebody come up with an artifical finger complete with fingerprints, temp and a pulse. Second, all the dead people throughout history, the is a potential market for their fingerprints, and so there is also a market for artificial fingers. You could carry around in your wallet, the fingerprint of your choice.

They play their games, and we play ours.

One punch will do it, no weapons required. (-1)

Anonymous Coward | about 7 months ago | (#44896089)

All the iPhone thief has to do is walk up to someone who
has a new iPhone and punch them in the head and knock
them out. Then, press the unconscious person's finger
to the screen of the phone and unlock the phone.

If you don't think that this will happen you haven't spent
much time on the street. I knew a guy who stole mopeds
this way - he walked up to the person who was sitting on
a running moped, and asked them for directions and while they
were momentarily distracted he would then punch them hard and
knock them out and ride away on the moped.

Apple is big on gimmicks that impress people who don't engage in
critical thinking about the value of some of those gimmicks.
This fingerprint iPhone security is a good example of this.

Re:One punch will do it, no weapons required. (0)

Anonymous Coward | about 7 months ago | (#44896185)

Virtually the same post got stated when anti-theft engine modules came to car computers. The car is theft-resistant, so just rear-end the car, wait until the driver is out, punch him out and take his keys.

This isn't Apple's problem, and if there is a feature to demand a passcode + fingerprint, this is a nonissue anyway.

Is the contest open to cats? (0)

Anonymous Coward | about 7 months ago | (#44896429)

They seem to be able to use it, after all...

Very Helpfull (-1)

Anonymous Coward | about 7 months ago | (#44896435)

I am very thankfull to you for this. I was searching this for a long time. It is very helfull and interesting material for me.I appreciate you for the informative work.
AM Websolution [amwebsolution.com]

Anything for attention (0)

Anonymous Coward | about 7 months ago | (#44896453)

Good luck, chumps!

(Sore lusers.)

Why? So simple to break... (0)

Anonymous Coward | about 7 months ago | (#44896797)

Just get the person really drunk and no need to cut off any finger.
Millions of kids will wake before the rents and grab the phone and then get their parents sleeping finger to play their games.

Easy hack (1)

deviated_prevert (1146403) | about 7 months ago | (#44897459)

Just take close in photos of all the smudges on the "retinal" display screen extrapolate 3d from it and print it with a 3d printer. Presto access.

Re:Easy hack (0)

Anonymous Coward | about 7 months ago | (#44897559)

dood ur so fakkin smart

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...