German Group claims to have hacked the fingerprint Scanner on the 5S

vbimport

#1

According to the article here:

http://news.yahoo.com/german-group-claims-hacked-apple-iphone-fingerprint-scanner-023223193--finance.html


#2

Jest, I’m not quite sure what this ‘hack’ is. It sounds like the group has merely duplicated the user’s fingerprint (“using a fabricated print” - basically, they obtained the user’s fingerprint, then photo’d it and made this ‘fake finger’).

Or maybe that’s just the published comments at this point, and that a true ‘hack’ is left unmentioned but used in the notification to Apple.

I thought they’d hacked into the so-called ‘secured kernal’ and replaced one user’s fingerprints with someone else’s, and thus could lock out the legitimate owner.

For me, a “complete hack” - as one analyst brags about - would be to leave the system in an “open to all” status yet appearing to have the fingerprint system left enabled. AND that the access was gained not thru a ‘fake finger’ but done via the device’s comms access - sending some file to replace the legitimate fingerprint and then altering the security settings.

But this article seems to claim a “complete hack” thru a “fabricated print”.

Is that what you read?

I guess this is a lot easier than the old eyeball-on-a-stick routine for retina scanning. I hope that bragging analyst would volunteer for THAT stunt, though.


#3

[QUOTE=ChristineBCW;2701304]Jest, I’m not quite sure what this ‘hack’ is. It sounds like the group has merely duplicated the user’s fingerprint (“using a fabricated print” - basically, they obtained the user’s fingerprint, then photo’d it and made this ‘fake finger’).

Or maybe that’s just the published comments at this point, and that a true ‘hack’ is left unmentioned but used in the notification to Apple.

I thought they’d hacked into the so-called ‘secured kernal’ and replaced one user’s fingerprints with someone else’s, and thus could lock out the legitimate owner.

For me, a “complete hack” - as one analyst brags about - would be to leave the system in an “open to all” status yet appearing to have the fingerprint system left enabled. AND that the access was gained not thru a ‘fake finger’ but done via the device’s comms access - sending some file to replace the legitimate fingerprint and then altering the security settings.

But this article seems to claim a “complete hack” thru a “fabricated print”.

Is that what you read?

I guess this is a lot easier than the old eyeball-on-a-stick routine for retina scanning. I hope that bragging analyst would volunteer for THAT stunt, though.[/QUOTE]

Yeah, I agree that thus far it appears merely that they were able to scan and duplicate the fingerprint. Yahoo has a tendency to screw up reports and I understand the information from the site itself is much more straightforward and explanitory, but I haven’t been able to find a link to the site. The point is though that this is a starting point for a major vulnerability to one’s identity.


#4

Yes. It’s more like “German Group shows how to copy fingerprint and steal access” instead of “hack phone”. In a way, this gives nod to Apple, therefore.

“Please, Woz, don’t let them consider retina scanning…”