How The iPhone 6 Can Be Hacked With A Fake Fingerprint

The iPhone 6 can be hacked with a fake fingerprint, researchers at mobile security firm Lookout claims.

Last year, when the iPhone 5S was released, Lookout’s principal security researcher, Marc Rogers, explained how its TouchID fingerprint sensor could be hacked.

He’s done it again

A fingerprint of the phone user from a glass surface was photographed – first with 2,400 dots per inch (dpi) resolution. The image was then tidied up, inverted and laser printed at 1,200dpi onto a transparent sheet with a thick toner setting.

Next, white woodglue was smeared into the pattern created by the toner on the sheet. Once set, the print was lifted from the sheet, breathed on to add some moisture, then placed onto the sensor to unlock the phone. Now, he claims to have done the same with the iPhone 6.

Despite adding Apple Pay to the iPhone, the in-built security has not evolved enough over the last year, according to Rogers, who believes that iPhone users are still vulnerable to the exact same security flaw as a year ago. “Except now, with Apple Pay, the bad guys have more incentive to access an iPhone,” he explains in a blog post.

Lookout’s recommendation last year was to introduce two-factor authentication. “Apple is correct to say that people are looking for convenient payment methods, but that cannot come at the cost of security,” comments Rogers. “The secure solution could be as simple as adding an additional security barrier such as a passphrase or pin code to be used in conjunction with the fingerprint.”

Rogers was keen to point out that iPhone users need not be overly concerned about the hack, though. He says: The sky isn’t falling. The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual. I’ll reiterate my analogy from my last blog on TouchID: We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.

“The fact that Apple has tweaked the TouchID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone.”

How much do you know about the iPhone 6? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

10 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

12 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

14 hours ago