Shared posts

24 Sep 19:03

Bypassing TouchID was “no challenge at all,” hacker tells Ars

by Dan Goodin

Ars expressed surprise on Monday that a hacker was able to bypass fingerprint protection less than 48 hours after its debut in Apple's newest iPhone, but not everyone felt the same way. The hack, carried out by well-known German hacker Starbug, required too much expertise and pricey equipment to make it practical, according to critics.

Marc Rogers, a security expert at smartphone security firm Lookout, was among the skeptics. After independently devising his own bypass of Apple's Touch ID, he concluded that it was anything but easy. "Hacking Touch ID relies upon a combination of skills, existing academic research, and the patience of a Crime Scene Technician," he wrote. Rogers went on to say that no one would know just how feasible Starbug's hack was until he released a step-by-step video and we learned more technical details.

We now have both. Heise Online has posted the video here, and it was enough to satisfy Rob Graham, a security expert who donated $500 to the first person to hack Touch ID. Ars has also heard directly from Starbug, who (like us and several security experts) was surprised by how little time and effort his bypass required.

Read 19 remaining paragraphs | Comments