Depends on scenario. If you steal a phone from a bag on the subway, you'll never be able to get that photo but can probably lift the print right off the phone itself. So maybe iOS has better-yet-still-mediocre protection against snooping yet inferiorly-mediocre guards against identity theft. Yawn.
In neither case is the phone meaningfully protected against serious attack. Why must we have this argument? It's a cute feature. Use it.
> but can probably lift the print right off the phone itself
What utter unmitigated rubbish. It is extremely unlikely that even a fully qualified CSI would be able to lift a full print from a mobile phone, let alone one that that can be reliably reproduced in the manner CCC described.
On release, people were saying it was unhackable. Molds were made that faked it within a week. You really want to bet that no one will make this work? With a target this high profile?
My 5 year old son was quite literally dusting for fingerprints at the local science museum last weekend. We have some shockingly high fidelity prints of both our thumbs showing all the ridges. And all we had to do was squeeze a piece of plastic. Fingerprints have even less identifying detail than faces. You've been hoodwinked by Apple's marketing, and I'm willing to bet this isn't the first time.
Yup - remember the whole "sub dermal RF fields - so it can't be a fake finger, or your finger can't be cut off - has to have a pulse and be live", from Apple's own marketing?
Yeah, not so much. The fakes didn't even pretend to be live tissue.
It's amazing rant with any Apple story, there you are with an 'expert' opinion followed by a thinly veiled troll. I want to see your 5 year old son lift near perfect prints from a typical iPhone, no deliberate placing of prints mind you. I then want to see you recreate the CCC "hack" with the correct print. It's time to put up or shut up.
but can probably lift the print right off the phone itself
That doesn't seem to be the case to my knowledge. The evidence from the successful attack is that you need an excellent-quality print from one of the specific fingers that has been programmed into the phone. Some phones probably have that on them, but it appears likely that many do not.
The "sandbox" being referred to is the "Secure Enclave", which apparently is what ARM calls "TrustZone": http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-... The data isn't accessible to even the OS. So, in theory at least, jailbreaking doesn't make it any more accessible.
edit: build an app, get your colleague, significant other etc touch it on any touchscreen phone or get on camera and create a 3d printed finger. 3d printing vs touchid...maybe
I'm pretty sure the GP was talking about the likelihood of a given phone having an appropriate-quality print [1], which does seem low.
But putting that aside, your hypothetical app would -- using the demonstrated method -- 'lift' that excellent quality print, scan it at 2400 dpi, (clean up said print), print it on a transparency at 1200 dpi, mask it onto photosensitive PCB, develop/etch/clean the PCB, spray graphite and apply wood glue to the mold.
It might make for a slightly-more-plausible-than-normal gadget sequence in a Mission Impossible movie, but it's not much of a concern for the target market. [2]
[1] Despite what decades of shows like CSI might lead us to believe, this is not a simple or error-free process. And each mistake irrecoverably destroys the print.
[2] Most of that market doesn't even use a passcode today and many that do are still using surprisingly bad PINs (birthdays/anniversaries/1234)
I find it amazing that when faced with a general question about a "security" feature the median internet tech nerd responds with an attitude of absolute paranoia (c.f. 4096 bit RSA keys, multi-word pass phrase choices, ssh key forwarding pedantry, general NSA tinfoil hatism....)
Except when confronted with an Apple product. Then it's all "Nah bro, relax. No way could you lift a fingerprint from a glossy phone screen". :)
I'll say it for the third time. It's cute feature (like face unlock was before it). Use it and enjoy it. If you honestly think you're buying a serious security mechanism you're simply wrong.
You see two different classes of responses because there's two different use cases.
There's security that geeks advocate for ourselves and our own implementations (often things we only have to set up and maintain infrequently) and then there's security that normals actually use (often things they have to authenticate with several times a day).
And I must have missed it, if anyone's been arguing this is a serious security mechanism. As far as I've seen, it's been lauded as (not much) better than a passcode, but, primarily, convenient enough to get people to use it instead of nothing, bringing up the relative security of a still-fairly-insecure bunch.
And you may want to re-read the discussion over the faked-print attacks. It isn't about (im)possibility. It's about the time, expertise and equipment involved and the likelihood of success being too expensive to be worthwhile for gaining access to most phones. [1]
And if we're wearing our "serious" security hats, I still don't see any reason to worry too much about print faking, as its core assumption is a skilled attacker who has unfettered physical access to our device, unbeknownst to us and beyond our control. And at that point, the game is already over.
[1] CCC themselves, with ideal source prints, had to significantly complicate their process to generate fakes that worked with a suitable consistency. So even if you think suitable source prints grow on trees, the point of significant skill, equipment, time and resources remains.
It's not at all clear that the absolute paranoiacs and the people saying that it's unlikely that any but a vanishingly small number of regular people will ever have Touch ID hacked are from the same set.
When you say it's not "a serious security mechanism", it sounds as if that's defined in some absolute terms. But if the effort to hack it is hundreds of times more difficult than the possible payoff from hacking it (which appears to be the case for nearly anybody but James Bond), then it acts as a serious security mechanism for that user's context. Literally nobody is going to make a mold of my finger to unlock my iPhone — they'd have to be absolutely insane to think that was worthwhile. So it's a serious security mechanism for me. Would it be a serious security mechanism to cover nuclear launch codes? Of course not.
> When you say it's not "a serious security mechanism", it sounds as if that's defined in some absolute terms.
You have to understand that the practice of cryptography has always had a military basis; the commercial/private use is ancillary.
So, what's "a serious security mechanism?" Presume you're a military commander during active war, whose battle plans are intercepted by an opposing nation. What is the likelihood, given the opposing nation believes your plan will lead to their complete destruction, that they'll be able to break the security in time to execute a counter-operation? A serious security mechanism is anything that reduces that likelihood.
Okay, but if you steal a phone on the subway, why would you even bother unlocking it? Just sell it on ebay as a locked phone. Some bored teenagers will buy them up, unlock them, wipe them and then resell them for a few dollars more.
If Find My iPhone is on, that locked phone is essentially a brick, it cannot be activated even if completely wiped, since its still associated with your Apple ID on the server side.
You need to be able to sign in with the Apple ID to remove the association.
I've already done that service for another, using some auto-unlocking tools. Takes all but 5 seconds, including USB negotiation. And it even gets past sim-locks.
In neither case is the phone meaningfully protected against serious attack. Why must we have this argument? It's a cute feature. Use it.