

About the security content of iOS 7.0.2 - princeverma
http://support.apple.com/kb/HT5957
Also reintroduces a greek keyboard option for passcode entry
======
meepmorp
Largely off topic, but I wonder if there's something they can do about the CCC
Touch ID hack in software. Anyone here know enough about how the hardware
works to make a meaningful comment?

~~~
princeverma
Relevant : [https://blog.lookout.com/blog/2013/09/23/why-i-hacked-
apples...](https://blog.lookout.com/blog/2013/09/23/why-i-hacked-apples-
touchid-and-still-think-it-is-awesome/)

Quoting from this article,"Hacking TouchID relies upon a combination of
skills, existing academic research and the patience of a Crime Scene
Technician.

It is certainly not something your average street thief would be able to do,
and even then, they would have to get lucky. Don’t forget you only get five
attempts before TouchID rejects all fingerprints requiring a PIN code to
unlock it. However, let’s be clear, TouchID is unlikely to withstand a
targeted attack. A dedicated attacker with time and resources to observe his
victim and collect data, is probably not going to see TouchID as much of a
challenge. Luckily this isn’t a threat that many of us face.

TouchID is not a “strong” security control. It is a “convenient” security
control. Today just over 50 percent of users have a PIN on their smartphones,
and the number one reason people give for not using the PIN is that it’s
inconvenient. TouchID is strong enough to protect users from casual or
opportunistic attackers (with one concern I will cover later on) and it is
substantially better than nothing."

