Comments
Apple Hackers Rate iPhone 5s Security
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Richard
50%
50%
Richard,
User Rank: Apprentice
9/21/2013 | 3:32:10 AM
re: Apple Hackers Rate iPhone 5s Security
melgross - please take a moment or two to watch my videos on my initial attempts to defeat the sensor on Fortinet's blog.

I have gotten the "new" capacitance sensor to recognize a gelatin finger, enroll it, and use it to unlock the phone.

Further, I have been able to get a gelatin finger to be rejected by the phone as an "unrecognized print"... which means my initial comments about the capacitance sensor being "dumb" was correct.

Now as far as getting the phone to unlock with a replicated print of a live finger... well, I'm still hacking away at it. :)
Mathew
50%
50%
Mathew,
User Rank: Moderator
9/17/2013 | 10:25:22 AM
re: Apple Hackers Rate iPhone 5s Security
No answers yet on the Exchange compatibility question -- we'll need to get our hands on iOS 7 to see how Apple has implemented Exchange ActiveSync. But working with Exchange typically requires a bona fide password. For that reason, as noted by the interviewee, many people report difficulty getting Android swipe unlock to work with Exchange ActiveSync. It remains to be seen if Apple -- or a third party -- will find some way of bridging the password-to-fingerprint gap.
Richard
50%
50%
Richard,
User Rank: Apprentice
9/16/2013 | 5:24:46 PM
re: Apple Hackers Rate iPhone 5s Security
For the record, I was referring only to the metal ring around the sensor that detects a finger, not the sensor that reads the print. That *is* a "dumb" sensor that can be defeated.

Also, I counter your statement that the sensor reads the subdermal layer - it does not. It reads the subepidermal layer. There *is* a difference.
melgross
50%
50%
melgross,
User Rank: Ninja
9/14/2013 | 2:52:31 PM
re: Apple Hackers Rate iPhone 5s Security
Just goes to show how most posters don't know what they're talking about, or whether they even bother to read the entire article. It seems to even be questionable as to whether they understand the article even if they do read it.

But just as a point of clarification, 3D printers can't print to silicone (it's not silicon). Even if they could (though some VERY expensive new models use a variant), the resolution of 3D printers that aren't priced in the multiple 100's of thousands don't have the 550ppi resolution to be able to print out an accurate fingerprint. And, of course, they can't print out the capacitance patterns, or even know them.
melgross
50%
50%
melgross,
User Rank: Ninja
9/14/2013 | 2:50:59 PM
re: Apple Hackers Rate iPhone 5s Security
Yes, it's optional.
melgross
50%
50%
melgross,
User Rank: Ninja
9/14/2013 | 2:50:22 PM
re: Apple Hackers Rate iPhone 5s Security
I would just like to say that Mr. Henderson has never attempted to break the security of the new capacitance sensors. And possibly doesn't even understand the way they work. This sensor, at least, doesn't simply detect the overall field of capacitance as does a capacitance touch screen. It reads the capacitance pattern of the sub dermal layer. That's impossible to fake with a simple capacitance.
Laurianne
50%
50%
Laurianne,
User Rank: Author
9/14/2013 | 12:21:44 PM
re: Apple Hackers Rate iPhone 5s Security
Mat, can you clarify the Exchange compatibility issue? Thanks
aaronAshfield
50%
50%
aaronAshfield,
User Rank: Guru
9/14/2013 | 12:21:08 PM
re: Apple Hackers Rate iPhone 5s Security
Hackers, here is an attack that works:
1- Take a piece of tape
2- Place it on the iPhone button, and take the fingerprint
3- Send it to a 3D printer and print if on silicon
4- Use the silicon finger for access
greatdott!
50%
50%
greatdott!,
User Rank: Apprentice
9/13/2013 | 9:57:27 PM
re: Apple Hackers Rate iPhone 5s Security
Is the fingerprint scanner additive to a passcode in an Exchange EAS environment, or entirely incompatible? That is, can a user also employ the scanner if she is already using an Exchange EAS-compatible passcode?

Your unnamed "network operations specialist"'s quote suggests full incompatibility: "'... the fingerprint reader is not compatible with Exchange EAS,' he said."
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
9/13/2013 | 7:13:24 PM
re: Apple Hackers Rate iPhone 5s Security
Is using the fingerprint scanner optional? I wonder if consumers will trust the technology. I know my wife used to have trouble with the fingerprint scanners at Disney never reading her fingerprint the same way twice, making the tech less of a convenience.
Page 1 / 2   >   >>


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July10, 2014
When selecting servers to support analytics, consider data center capacity, storage, and computational intensity.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.