The iPhone 6 can be hacked with a fake fingerprint, researchers at mobile security firm Lookout claims.
Last year, when the iPhone 5S was released, Lookout’s principal security researcher, Marc Rogers, explained how its TouchID fingerprint sensor could be hacked.
A fingerprint of the phone user from a glass surface was photographed – first with 2,400 dots per inch (dpi) resolution. The image was then tidied up, inverted and laser printed at 1,200dpi onto a transparent sheet with a thick toner setting.
Despite adding Apple Pay to the iPhone, the in-built security has not evolved enough over the last year, according to Rogers, who believes that iPhone users are still vulnerable to the exact same security flaw as a year ago. “Except now, with Apple Pay, the bad guys have more incentive to access an iPhone,” he explains in a blog post.
Lookout’s recommendation last year was to introduce two-factor authentication. “Apple is correct to say that people are looking for convenient payment methods, but that cannot come at the cost of security,” comments Rogers. “The secure solution could be as simple as adding an additional security barrier such as a passphrase or pin code to be used in conjunction with the fingerprint.”
Rogers was keen to point out that iPhone users need not be overly concerned about the hack, though. He says: The sky isn’t falling. The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual. I’ll reiterate my analogy from my last blog on TouchID: We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.
“The fact that Apple has tweaked the TouchID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone.”
How much do you know about the iPhone 6? Take our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…