Apple's Touch ID is Still Vulnerable to Faked Fingerprints
Posted September 24, 2014 at 8:33pm by iClarified
Security on the Apple Touch ID fingerprint reader of the iPhone 6 has only been marginally tightened and it's still vulnerable to a simple fake fingerprint hack, reports Marc Rogers, chief security researcher at Lookout Mobile Security.
"I don't think people need to worry just yet, but there are distinct flaws that could lead to problems down the line, he told CNET. Rogers used the same low-budget technique to fake fingerprints and unlock the iPhone 6 as he demonstrated previously on the iPhone 5S.
"Sadly there has been little in the way of measurable improvement in the sensor between these two devices," he wrote. "Fake fingerprints created using my previous technique were able to readily fool both devices."
The only notable improvement is due to the better Touch ID sensor. Slightly "dodgy" fake fingerprints that were able to fool the iPhone 5s, did not work on the iPhone 6. To trick the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it.
While that is a slight improvement, Rogers says he can't help but wish Apple did more to tighten security.
"I can’t help but be a little disappointed that Apple didn’t take this chance to really tighten up the security of TouchID. Especially when you consider their clear intention to widen its usage beyond simply unlocking your phone into the realm of payments."
If you want to see how a fingerprint is lifted and cloned for use with Touch ID, check out these videos.
Read More [via CNET]
"I don't think people need to worry just yet, but there are distinct flaws that could lead to problems down the line, he told CNET. Rogers used the same low-budget technique to fake fingerprints and unlock the iPhone 6 as he demonstrated previously on the iPhone 5S.
"Sadly there has been little in the way of measurable improvement in the sensor between these two devices," he wrote. "Fake fingerprints created using my previous technique were able to readily fool both devices."
The only notable improvement is due to the better Touch ID sensor. Slightly "dodgy" fake fingerprints that were able to fool the iPhone 5s, did not work on the iPhone 6. To trick the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it.
While that is a slight improvement, Rogers says he can't help but wish Apple did more to tighten security.
"I can’t help but be a little disappointed that Apple didn’t take this chance to really tighten up the security of TouchID. Especially when you consider their clear intention to widen its usage beyond simply unlocking your phone into the realm of payments."
If you want to see how a fingerprint is lifted and cloned for use with Touch ID, check out these videos.
Read More [via CNET]