Comments
Apple Hackers Rate iPhone 5s Security
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Richard
50%
50%
Richard,
User Rank: Apprentice
9/21/2013 | 3:32:10 AM
re: Apple Hackers Rate iPhone 5s Security
melgross - please take a moment or two to watch my videos on my initial attempts to defeat the sensor on Fortinet's blog.

I have gotten the "new" capacitance sensor to recognize a gelatin finger, enroll it, and use it to unlock the phone.

Further, I have been able to get a gelatin finger to be rejected by the phone as an "unrecognized print"... which means my initial comments about the capacitance sensor being "dumb" was correct.

Now as far as getting the phone to unlock with a replicated print of a live finger... well, I'm still hacking away at it. :)
Mathew
50%
50%
Mathew,
User Rank: Moderator
9/17/2013 | 10:25:22 AM
re: Apple Hackers Rate iPhone 5s Security
No answers yet on the Exchange compatibility question -- we'll need to get our hands on iOS 7 to see how Apple has implemented Exchange ActiveSync. But working with Exchange typically requires a bona fide password. For that reason, as noted by the interviewee, many people report difficulty getting Android swipe unlock to work with Exchange ActiveSync. It remains to be seen if Apple -- or a third party -- will find some way of bridging the password-to-fingerprint gap.
Richard
50%
50%
Richard,
User Rank: Apprentice
9/16/2013 | 5:24:46 PM
re: Apple Hackers Rate iPhone 5s Security
For the record, I was referring only to the metal ring around the sensor that detects a finger, not the sensor that reads the print. That *is* a "dumb" sensor that can be defeated.

Also, I counter your statement that the sensor reads the subdermal layer - it does not. It reads the subepidermal layer. There *is* a difference.
melgross
50%
50%
melgross,
User Rank: Ninja
9/14/2013 | 2:52:31 PM
re: Apple Hackers Rate iPhone 5s Security
Just goes to show how most posters don't know what they're talking about, or whether they even bother to read the entire article. It seems to even be questionable as to whether they understand the article even if they do read it.

But just as a point of clarification, 3D printers can't print to silicone (it's not silicon). Even if they could (though some VERY expensive new models use a variant), the resolution of 3D printers that aren't priced in the multiple 100's of thousands don't have the 550ppi resolution to be able to print out an accurate fingerprint. And, of course, they can't print out the capacitance patterns, or even know them.
melgross
50%
50%
melgross,
User Rank: Ninja
9/14/2013 | 2:50:59 PM
re: Apple Hackers Rate iPhone 5s Security
Yes, it's optional.
melgross
50%
50%
melgross,
User Rank: Ninja
9/14/2013 | 2:50:22 PM
re: Apple Hackers Rate iPhone 5s Security
I would just like to say that Mr. Henderson has never attempted to break the security of the new capacitance sensors. And possibly doesn't even understand the way they work. This sensor, at least, doesn't simply detect the overall field of capacitance as does a capacitance touch screen. It reads the capacitance pattern of the sub dermal layer. That's impossible to fake with a simple capacitance.
Laurianne
50%
50%
Laurianne,
User Rank: Author
9/14/2013 | 12:21:44 PM
re: Apple Hackers Rate iPhone 5s Security
Mat, can you clarify the Exchange compatibility issue? Thanks
aaronAshfield
50%
50%
aaronAshfield,
User Rank: Guru
9/14/2013 | 12:21:08 PM
re: Apple Hackers Rate iPhone 5s Security
Hackers, here is an attack that works:
1- Take a piece of tape
2- Place it on the iPhone button, and take the fingerprint
3- Send it to a 3D printer and print if on silicon
4- Use the silicon finger for access
greatdott!
50%
50%
greatdott!,
User Rank: Apprentice
9/13/2013 | 9:57:27 PM
re: Apple Hackers Rate iPhone 5s Security
Is the fingerprint scanner additive to a passcode in an Exchange EAS environment, or entirely incompatible? That is, can a user also employ the scanner if she is already using an Exchange EAS-compatible passcode?

Your unnamed "network operations specialist"'s quote suggests full incompatibility: "'... the fingerprint reader is not compatible with Exchange EAS,' he said."
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
9/13/2013 | 7:13:24 PM
re: Apple Hackers Rate iPhone 5s Security
Is using the fingerprint scanner optional? I wonder if consumers will trust the technology. I know my wife used to have trouble with the fingerprint scanners at Disney never reading her fingerprint the same way twice, making the tech less of a convenience.
Page 1 / 2   >   >>


IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.