
> unless you're somehow trying to reverse engineer someone's fingerprint

Well yeah basically. I mean, it's just recognizing some pattern as "the fingerprint" right? So if you can replicate a matching pattern you can beat a fingerprint scanner. I'm just curious what resolution the scanner/recognizer pattern is at.

I'm assuming Apple uses some kind of capacitive sensor. From googling it looks like it's a 500ppi sensor. The sensor isn't even 1"x1", it's maybe 1/2"^2. Which gives us 62,500 "pixels" or whatever the sensing elements are called.

That's 2^62,500 (assuming the sensors are binary) combinations. That's a big number, and probably uncrackable.

But maybe there's some fuzziness in the sensor or the software and the effective resolution is more like 100ppi. That's still a huge number (753 digits).

But then maybe you can apply some smart guesses or some reverse engineering and concentrate patterns in the middle of the sensor (where good contact might be made), maybe down to a 1/32" section. Now we're within brute force distance.

All you need now is a tool at that resolution to input fingerprint patterns, or just provide signals to the sensor lines.

After all, this is possible [1], why not fingerprints?

1 - http://gizmodo.com/this-is-what-happens-when-you-reverse-eng...



You missed the important thing though - Touch ID has an attempt limit, so it only works something like five or ten times and then you need to enter the PIN/passcode.

The attack in the article does not work to get around this, because Touch ID does not work at startup until you have entered the code.

So brute forcing it is not going to work unless you have the passcode, in which case brute forcing it isn't super useful.



