For additional context most manufacturers state the longest you can read passive EPC Gen 2 tags is about 30 feet. We were able to build a device that allowed reads at over 200 feet and could have easily done more.
EPC Gen 2 was designed to be an efficient, cheap Tag for inventory management and not used in secure applications. Anywhere you see it being used for something secure - it can almost certainly be broken.
I’ll be releasing the specs for the platform we built at a talk soon, so that everyone can start pentesting EPC Gen 2 tags for cheap.
A skilled person or organization, yes. Obtaining the latent prints probably isn't the hard part; I imagine stealing someone's trash would be enough for that.
The tricky part is making a clone accurate and detailed enough that it works in less than 6 attempts.
While two-factor auth is probably overkill for just unlocking a device to many people, I would like to at least have the option.
One of my concerns is that if your device is ever taken by an organization that has the ability to command your fingerprints, then they can quite easily unlock your device, negating any encryption.
Also, while I think it's unlikely right now for criminals to make fake fingerprints in order to steal financial transactions, it's a flaw, and ApplePay is going to financially motivate those criminals to look into ways to refine the process and make it easier to do.
Turn your phone off before crossing a border. Put the wrong finger on the sensor five times in quick succession when you are asked to hand over your phone and you don't get a chance to turn it off.
In both cases, the phone will require a passphrase for unlocking (if you configure one as opposed to just a simple code, of course).
Having a really long passphrase and the ability to very quickly render the fingerprint reader useless is a huge improvement in security over previous Touch ID-less phones.
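The behaviour the comment above relies on (a run of failed fingerprint reads, or a power cycle, forces the device back to the passphrase) is easy to reason about as a small state machine. The code below is an added example written for this thread, not Apple's code or anything from the comment author. The biometric threshold of five comes from the comment; the passcode-attempt limit, the escalating delays and the class and method names are assumptions chosen for the demo.

```python
"""Biometric-fallback lockout policy modelled as a state machine.

Added example for this thread, not vendor code. Thresholds other than
MAX_BIOMETRIC_FAILURES are assumptions, not taken from any product document.
"""
from dataclasses import dataclass
import hashlib
import hmac
import secrets

MAX_BIOMETRIC_FAILURES = 5   # from the comment: five wrong fingers force the passphrase
MAX_PASSCODE_FAILURES = 10   # assumption: erase the device after this many wrong passcodes
BACKOFF_SECONDS = {5: 60, 6: 300, 7: 900, 8: 3600}  # assumption: escalating delays


def _hash_passcode(passcode: str, salt: bytes) -> bytes:
    # Slow hash so a stored verifier is not cheap to attack if it ever leaks.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


@dataclass
class DeviceLock:
    passcode_hash: bytes
    salt: bytes
    biometric_failures: int = 0
    passcode_failures: int = 0
    biometric_allowed: bool = True   # False means the passphrase is required
    unlocked: bool = False
    wiped: bool = False
    delay_until: int = 0             # simulated clock, in seconds

    @classmethod
    def enroll(cls, passcode: str) -> "DeviceLock":
        salt = secrets.token_bytes(16)
        return cls(passcode_hash=_hash_passcode(passcode, salt), salt=salt)

    def power_cycle(self) -> None:
        # After a reboot only the passphrase can unlock; the biometric path is disarmed.
        self.biometric_allowed = False
        self.unlocked = False

    def try_biometric(self, matched: bool) -> bool:
        if self.wiped or not self.biometric_allowed:
            return False
        if matched:
            self.biometric_failures = 0
            self.unlocked = True
            return True
        self.biometric_failures += 1
        if self.biometric_failures >= MAX_BIOMETRIC_FAILURES:
            self.biometric_allowed = False   # sensor is now useless until the passphrase is entered
        return False

    def try_passcode(self, passcode: str, now: int) -> bool:
        # Attempts during a back-off window are rejected without counting.
        if self.wiped or now < self.delay_until:
            return False
        if hmac.compare_digest(_hash_passcode(passcode, self.salt), self.passcode_hash):
            self.passcode_failures = 0
            self.biometric_failures = 0
            self.biometric_allowed = True    # a correct passphrase re-arms the sensor
            self.unlocked = True
            return True
        self.passcode_failures += 1
        if self.passcode_failures >= MAX_PASSCODE_FAILURES:
            self.wiped = True
        elif self.passcode_failures in BACKOFF_SECONDS:
            self.delay_until = now + BACKOFF_SECONDS[self.passcode_failures]
        return False


if __name__ == "__main__":
    lock = DeviceLock.enroll("correct horse battery staple")
    for _ in range(MAX_BIOMETRIC_FAILURES):
        lock.try_biometric(matched=False)
    print("biometric allowed after five misses:", lock.biometric_allowed)   # False
    print("passphrase unlock:", lock.try_passcode("correct horse battery staple", now=0))  # True
```

The important property is that the biometric path can only be re-enabled by the passphrase, so "five wrong fingers" or a reboot reduces the problem to the strength of the passphrase plus the attempt limit.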
Having to both type a code and use my fingerprint (in that case, in addition to a very long passphrase, which would be difficult to explain to users) would be very annoying, at least for me.
Even simply disabling "simple passcode" and using an equivalently simple alphanumeric passcode makes the task a lot more difficult for the brute-force cracker.
In fact, if you look at one of the cracking tools that law enforcement is known to use [1], iOS8 looks to have made things more difficult:
"iOS 8
Currently under version 4.0 Advanced logical extraction will extract less data compare to previous iOS versions."
PIN, not a passphrase. Just switching to a 4-digit PIN would be heaven for me (I have an iPhone 5); I would have zero problem entering Touch ID + a 4-digit PIN.
I would surmise that this is because Apple relies upon the PIN as a failsafe in the event that the Touch ID sensor can't / won't read your fingerprint. Let's say you only have your right thumbprint scanned and you injure it to the extent that it's no longer recognizable to the Touch ID sensor—what then?
Two-factor authentication would need to rely upon a much more reliable criterion than Touch ID.
You could always set up one PIN/passcode for two-factor auth and then use a separate passphrase as a fallback to unlock the device. It would be much better security that way.
Also, while we are on the subject, using a short PIN code to unlock the device is asking for trouble. While the device ID is tied to the decryption and there is no way to extract it yet, I have no confidence that it will remain that way forever. At which point the ability to crack a short PIN off the device means the PIN will get cracked in seconds.
It's interesting that since publishing this, at least two other bits of smartphone-based mining malware have appeared.
Clearly these malware authors have too much time on their hands. I mean, unless you harness multiple thousands of smartphones together and make a bitcoin-mining smartphone botnet, there's no way you can make enough money to make this worthwhile.
It does speak to the entrepreneurial nature of malware authors though. Rather than create more wallet stealers, these guys are constantly striving to find a new "magic malware quadrant".
Really? That's your takeaway? That the word hacker has many meanings? Sure, the word hacker has different meanings to different people. That's not really up for debate. What's interesting to me is how it's slowly becoming acceptable to be a hacker and what might be driving that change.
For example, the UK government saying they want to hire hackers, to the point of saying that a criminal offense in hacking perhaps should not be a barrier to getting hired; while on the other hand, back in the US, in Idaho, just describing yourself as a hacker is enough to erode your protection against unreasonable searches (4th Amendment rights).
Another contrast, in the UK, when you say "Hacker" almost without exception people understand you to be talking about someone who breaks into computers; while in California in the US a Hacker could just as easily be interpreted as a clever coder.