[youtube]http://youtu.be/0mmDcq-2Fos[/youtube]
Stim deja ca sistemul Touch ID al iPhone 5S poate fi pacalit de catre persoane cu experienta in falsificarea amprentelor, iar un tutorial video publicat in cursul noptii trecute pe internet detaliaza intreaga procedura. Practic aveti nevoie de echipament de 1000$ pentru a procesa si crea amprenta, insa chiar daca faceti acest lucru, exista sansa ca sistemul sa nu o recunoasca. Mai mult decat atat, persoana care incearca sa pacaleasca sistemul trebuie sa aiba amprenta corecta inregistrata in Touch ID, ea trebuind sa fie completa, altfel sistemul o va respinge si nu va face deblocarea.
I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial. The Touch ID is nevertheless a very reliable fingerprint system. However, users should only consider it an increase in convenience and not security. But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial. Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician.
Desi cei care au pacalit sistemul au reusit sa o faca in doar 30 de ore, iar creatorul clipului video de mai sus a fost uimit de rapiditatea cu care a realizat totul, procedura nu este simpla si conform unora, este nevoie de indemanarea unui expert criminalist pentru a realiza totul. Problemele principale au legatura cu procesul de ridicare a amprentei care trebuie facut folosind: o substanta adeziva numita aburi de cyanoacrylat, praf pentru ridicarea amprentelor sau banda adeziva pentru ridicarea amprentelor. Dupa ridicare, amprenta trebuie fotografiata, editata si printata pe o folie transparenta care este mai apoi transformata intr-o amprenta utilizabila folosind o imprimanta laser.
Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don’t forget you only get five attempts before TouchID rejects all fingerprints requiring a PIN code to unlock it. However, let’s be clear, TouchID is unlikely to withstand a targeted attack. A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn’t a threat that many of us face.
Procedura aceasta extrem de complicata si faptul ca Apple foloseste cititorul de amprente pentru a inregistra o imagine de inalta rezolutie a stratelor sub-epidermale ale degetului, ii vor determina pe multi sa nu incerce sa pacaleasca Touch ID-ul, insa chiar si o amprenta falsificata, corect ridicata, ar putea fi respinsa.