IT Security Guru

Fingering the hackers

by The Gurus
September 26, 2013
in Opinions & Analysis

The way that the industry collectively came together to offer a near $4,000 bounty for the first person to break Apple’s Touch ID fingerprint scanner shows an interest in research, and how determined we are to show fallibility.

In the story, the challenge to break Touch ID, introduced as part of iOS 7 last week, was launched by independent security researchers Robert Graham and Nick DePetrillo, who put their own money up in order to create a bounty that would be awarded to the “winner”. This resulted in many others offering cash, bitcoins, books and alcohol for the first person to hack Touch ID.
However, why did people come together to do this? Is it not a criminal action to break something and report it? Look at how it was actually broken by the Chaos Computer Club, by effectively creating a fake finger with an image of the user’s fingerprint. Hardly a zero-day threat or software vulnerability.
The other issue here is in regard to fingerprint authentication; yes, it is unique to the user and hard to replicate, but look at your smartphone or tablet: there are fingerprints all over it. Is this the equivalent of writing your passwords on post-it notes and sticking them to your computer? Well, not really, but making a copy of something so present probably presents little challenge to the sophisticated minds out there.
How it was done by CCC is demonstrated in this video, and as you will see it is very unusual. Back in 2010, I asked if there was a flaw in biometrics if details are hacked, and it seems that this is the case here. Then LogLogic CEO Guy Churchward said that while biometric authentication is a great idea, the problem is that you cannot change your fingerprint like you can with a password.
In agreement with this was David Emm, senior security researcher at Kaspersky Labs, who said that if a passcode becomes compromised, he could replace it with a new one, but he cannot change his fingerprint.
“So if someone is able to fool a fingerprint reader by spoofing the fingerprint, you can’t just find a new fingerprint,” he said.
“If the CCC has indeed found an easy way to circumvent the Touch ID technology, then it would suggest that Apple’s ‘highly secure’ implementation may not be secure enough. Because of the nature of fingerprints, you effectively leave your password everywhere you go so unless a fingerprint reader is able to fully distinguish between a real finger and a fake one, a fingerprint scan is a poor substitute for a password.”
I have thought that the future was fingerprint authentication for some time, especially with the prevalence of shiny surfaces on mobile devices, and if I am honest I don’t see how this will go away. But the point is the one Emm and I made in 2010: if the details are hacked and collected by a third party, it is not as easy as changing a password. Then again, you do have nine other fingers.