Source - http://www.forbes.com/
By - Joseph Steinberg
Category - Hotels Near Doral Golf Resort
Posted By - Homewood Suites Miami
By - Joseph Steinberg
Category - Hotels Near Doral Golf Resort
Posted By - Homewood Suites Miami
 |
| Hotels Near Doral Golf Resort |
Just one day after the new fingerprint-scanning Apple AAPL -1.07%iPhone-5s was released to the public, hackers claimed to have defeated the new security mechanism. After their announcement on Saturday night, the Chaos Computer Club posted a video on YouTube which appears to show a user defeating Apple’s new TouchID security by using a replicated fingerprint.
Apple has not yet commented on this matter, and, as far as I can
tell, no third-party agency has publicly validated the video or the
hacker group’s claim. In theory, the techniques used should not have defeated the
sub-dermal analysis (analyzing three dimensional unique aspects of
fingerprints rather than just two-dimensional surface images) that Apple
was supposed to have used in its fingerprint scanner, but, as I
mentioned in my article last week (Your New iPhone Can Put Your Identity At Risk),
systems are not always implemented exactly as planned, and there are
sometimes exploitable vulnerabilities that people may be strongly
incented to find.
The video posted by the hacker group does not show the preparation of
the replicated print used to inappropriately authenticate. In fact, the
video may make the process of defeating the security seem far simpler
than it is – creating a replicated print similar to the one the hackers
apparently used to defeat the fingerprint sensor involves some work;
lifting and printing a high-resolution mirror image of a print onto a
surface (which seems to be what was done based on the video) is not
something that the average user can easily do today. However, as I noted
last week, if criminals stand to make significant money by doing so,
they will quickly acquire the skills and the resources needed to achieve
their goal.
Hence, if the technique claimed by the hackers is found to work (even if
it works only some of the time), there is serious risk to any user
using fingerprint authentication on its own. Coupled with the other
risks that I described last week, as well as with the possibility that
fingerprints and forced fingerprint authentication may not be protected
by the Fifth Amendment, this new revelation makes me even more certain
in my concerns about fingerprint authentication on smartphones.
No comments:
Post a Comment