Krissler is providing a huge service here. It's a great illustration of the fact that fingerprints and other biometrics are analogous to usernames and are completely unlike passwords.
It's like Apple and other biometric device purveyors are telling us all to just log in with our username and a blank password. At the moment we're all scrawling our passwords on every surface of every room we enter.
Well, it's a little different, because as far as I can tell he has reconstructed a 2D image of the fingerprint, but not used that fingerprint successfully for any authentication system.
"As an example, he demonstrated how he could use his fake fingerprint to unlock his iPhone — that features a ‘Touch ID’ fingerprint sensor integrated into its home button."
> It isn't entirely clear which fake fingerprint was used.
Obviously his own fingerprint. He doesn't have access to the German Defense Minister's iPhone to test the real one (assuming the Defense Minister uses an iPhone and has Touch ID configured).
Hehe well obviously not hers. What I meant was that it wasn't clear how he built the fake fingerprint he tested, whether he used the exact same method he used to construct the defense minister's fingerprint, or whether he "cheated" to make it easier on himself.
Ah haha, sorry, I misunderstood you. Yes, definitely the details of this are fundamental to know if this could work in non-ideal conditions - it's not the same to take a high-res photo of only your finger with good lighting as to use publicly available, normal photos.
However, you can disable the thumbprint login option, just like you can disable the pin login option. Or you can add a more complicated login. Apple gives you more flexibility to make your own choice about unlocking your iPhone; they're not saying that your thumbprint is your password.
Given that a) Apple doesn't/can't store your entire 3D fingerprint and b) registering your finger into multiple TouchID "slots" on your phone increases the iPhone's accept rate, to me means that
While I applaud the research, Krissler needs to prove that he can unlock a device reliably using a system like TouchID (as a reference platform) using this intensive photograph-only modeling approach before I become worried - his previous efforts last year don't count as "previous proof" - if it were reliable, there would be a comprehensive breakdown/proof.
Fingerprint technology has improved greatly - e.g. TouchID requires something warm like flesh behind the scan, and does image the 3D contours as applied to the press - which deform the scan from its natural state.
But more often you either don't change them many times a day (seriously, how many do that?) or don't have a PIN at all.
Peeking someone's PIN code and snooping around the phone while the owner is away is much much easier than reconstructing the fingerprint well enough to pass the TouchID.
It was said more than once: TouchID is not perfect, but better than nothing, and before TouchID "nothing" was more likely, because of all the hassle with PIN.
Sure. However, in practice, what difference does that make?
In many cases fingerprints are perfectly fine to use. However, they do have glaring problems as well. So they are anything but perfect, I’m just not sure what difference that makes to how they are used in practice right now.