Scary! Iphone 5s Users Fooled By Apple and NSA

You might consider twice before you use the fingerprint-scanning on Iphone 5s

http://thehackernews.com/2013/09/iphone-5s-users-fooled-by-apple-nsa-and.html

It’s a load of factually wrong sensationalist crap, written by somebody who has done no research into the matter.

To anybody else reading this thread, don’t click the link. Don’t give the author any ad revenue for this obvious link baiting.

Man, this is a sensationalist post about a sensationalist post. I feel myself like in a kind of Inception movie. :slight_smile:

(Yes, was there to check. And I use Ad Blockers.)

[quote=36376:@John Hansen]You might consider twice before you use the fingerprint-scanning on Iphone 5s

http://thehackernews.com/2013/09/iphone-5s-users-fooled-by-apple-nsa-and.html[/quote]

Sorry guys, got this link from some one else, so I did not pay much attention to the real truth.

This is what CNN says about it: http://edition.cnn.com/2013/09/12/tech/mobile/iphone-fingerprint-privacy/index.html

The CNN article is much more on the money. But still leaves out the fact that the fingerprint data is stored as hashes salted against hardware ids. NSA could ask Apple for a fingerprint, but they wouldn’t get it. The other critical detail is that the sensor communicates directly with the chip using a private secure subsystem that the OS can never see. The OS merely gets a “match” or “no match” back from the sensor. The revolution in Touch ID isn’t the fingerprint sensor, but all the security techniques going on behind the scenes. Apple took this very, very seriously.

As for the CCC “attack” - it’s nothing new. The exact same technique has been used to fool nearly every other fingerprint reader on the planet. It also required about 30 hours to setup and about $100,000 worth of equipment. Well beyond what the common identity thief has laying around and is willing to put into it.

There really isn’t a problem here. The only problem is news outlets trying desperately to click-bait.