Video reveals how the Touch ID hack was performed – ‘trivial’ attack that took 30 hours

The German hacker who successfully defeated Touch ID using a fingerprint lifted from the back of an iPhone has posted a video showing exactly how it was done.

While the hacker – who goes by the nickname Starbug – described the attack as “very straightforward and trivial,” he revealed in an email interview with arsTechnica that it required 30 hours of work using a scanner, high-res laserprinter and a printed circuit board etching kit.

It took me nearly 30 hours from unpacking the iPhone to a [bypass] that worked reliably. With better preparation it would have taken approximately half an hour. I spent significantly more time trying to find out information on the technical specification of the sensor than I actually spent bypassing it.

I was very disappointed, as I hoped to hack on it for a week or two. There was no challenge at all; the attack was very straightforward and trivial.

Should 5s owners worry that, now that the technique is known, it could be replicated in 30 mins? The answer is ‘it depends, but probably not’ …  Read more

How-to: Deal with the infamous Apple ID

Screen Shot 2013-07-23 at 5.59.04 AM

This is the third how-to in our new weekly series: 

One of the most common issues I hear about is forgotten Apple IDs. But this is not as simple as it sounds. Figuring out Apple ID details can involve finding out what the Apple ID username is, which Apple ID they should be using (if they have multiple), resetting security questions and answers, and resetting passwords.

Most people, if they have an iPhone, iPod Touch or iPad, are using their Apple ID on their mobile device. From there, if you go into the Settings App, you will be able to see your Apple ID.

Always double-check to see if you have two different Apple IDs: one for iCloud and one for iTunes and App Stores.  Under Settings, press iCloud. Make note of the email address listed in the account. To go back to the main Settings page, press the Settings arrow in the upper left hand corner. Then scroll down until you see iTunes and App Stores and press it. You now have three different possible scenarios: Read more

How-to: Change the email address associated with your Apple ID

This is the second article in our new Saturday how-to series (see last week’s post about safely deleting an iCloud account)

It is highly recommended that you tie an active, valid email address to your Apple ID. The Apple ID is your login for Apple services such as iTunes, App Store, iMessage, and FaceTime.

By actually using an active email address for your Apple ID, you will receive important emails from Apple. Additionally, iTunes will email you whenever you purchase paid content from iTunes, including iBooks and Apps.

Apple will also email you if the password for your Apple ID was changed, someone tried using Find My Device, or your Apple ID was used on a brand new device.

It is important to track this information in order to stop an issue if someone has hacked your account. Keeping tabs on iTunes purchase alerts could also ensure that someone is not using your account to get their content at your cost…

Read more

How-to: Safely delete an iCloud account from your Mac or iOS device

Screen Shot 2013-07-12 at 11.50.50 AM

This is the first entry in our new, weekly how-to’s column. Check back every Saturday for a new how-to:

First off, before we begin and actually discuss how to safely delete an iCloud account, we should discuss the different scenarios as to why you might need to delete your iCloud account off of your devices.

  1. If you are using the same Apple ID as a family member for iCloud, several different outcomes could result from this.  Odds are that your content got merged, and all of your personal information is mixed together. You are both getting frustrated that your contacts are disappearing because you each delete and re-add them and iCloud pushes the changes to both of you. You also might be getting each other’s iMessages and FaceTime calls. Or one of you is using and enjoying the features and benefits of iCloud whereas the other isn’t and is missing out on features like Backup to iCloud and Find my Device.
  2. The email address associated with the Apple ID you are using for iCloud is no longer a valid, active email address. In that case, you’ll need to change the email address associated with your Apple ID, which I will be discussing in next week’s article.

On an iOS Device, go into the Settings app and scroll down until you see iCloud. To delete the iCloud account from the device, just press the big red “Delete Account” button. To do this on a Mac, go into System Preferences and choose iCloud, the press the “Sign Out” button…

Read more

Apple now offering PayPal for online store purchases starting with Germany

apple_store_paypal

As first spotted by our friends over at German language publication Macerkopf.de, Apple appears to be rolling out an option to make purchases on the Apple Online Store using PayPal. The feature appears to be limited to Germany currently, but it could mark the start of a broader roll out to other users.

Screen Shot 2013-05-22 at 10.36.03 AM

Apple has never been opposed to offering the option to use PayPal for some services. Users in the U.S. have long been able to setup PayPal as a payment option for their Apple ID on the desktop, allowing them to purchase iTunes content with PayPal on iTunes & the Mac App Store. Apple does, however, already support PayPal payments for its online store in China.

It also allows its education customers to use PayPal for volume purchases of iOS apps, but the privilege didn’t extend to making purchases from the online store at Apple.com.

Apple’s help page for  payments and tax information in Germany now explains how users can opt for PayPal at checkout, but we’ve yet to find the feature live in other countries that we’ve tested.

Users will not have to setup their PayPal as their payment option for their Apple ID, instead they will be redirected to log in using their PayPal username and password at the time of purchase: Read more

Apple’s two-step verification rolling out to additional countries: Canada, Argentina, Netherlands, Russia, Mexico, Poland, Brazil, more

Two-step-verification-apple-ID

Update 2: It looks like Apple prematurely rolled out the feature to many countries and quickly removed it. The only officially supported countries listed on Apple’s website include “U.S., UK, Australia, Ireland, and New Zealand.”

Update:  Mexico, Germany Netherlands, Russia, Austria, Brazil, Belgium, Portugal, Italy & Poland too. Let us know in the comments if the feature is now available in your country.

Apple appears to have recently started rolling out its new two-step verification feature for Apple IDs to users in additional countries. When Apple first launched the service in late March, it was initially only available to users in  U.S., UK, Australia, Ireland, and New Zealand. Today we’ve confirmed that Canadian users now have access to the feature, while we’ve also received tips from users in Argentina & Pakistan signalling that the feature is beginning to roll out in other countries as well.  Read more