The iPhone 6 can be hacked with a fake fingerprint, researchers at mobile security firm Lookout claims.
Last year, when the iPhone 5S was released, Lookout’s principal security researcher, Marc Rogers, explained how its TouchID fingerprint sensor could be hacked.
A fingerprint of the phone user from a glass surface was photographed – first with 2,400 dots per inch (dpi) resolution. The image was then tidied up, inverted and laser printed at 1,200dpi onto a transparent sheet with a thick toner setting.
Despite adding Apple Pay to the iPhone, the in-built security has not evolved enough over the last year, according to Rogers, who believes that iPhone users are still vulnerable to the exact same security flaw as a year ago. “Except now, with Apple Pay, the bad guys have more incentive to access an iPhone,” he explains in a blog post.
Lookout’s recommendation last year was to introduce two-factor authentication. “Apple is correct to say that people are looking for convenient payment methods, but that cannot come at the cost of security,” comments Rogers. “The secure solution could be as simple as adding an additional security barrier such as a passphrase or pin code to be used in conjunction with the fingerprint.”
Rogers was keen to point out that iPhone users need not be overly concerned about the hack, though. He says: The sky isn’t falling. The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual. I’ll reiterate my analogy from my last blog on TouchID: We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.
“The fact that Apple has tweaked the TouchID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone.”
How much do you know about the iPhone 6? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…