iPhone 6 TouchID hacked by laser printing method

Apple’s New iPhone 6 TouchID Hacked

If you were believing the Apple’s latest flagship, the iPhone 6 was more secure than its predecessor the iPhone 5, you are, sadly mistaken. The most awaited smartphone from the Apple still carries the flaw that let Marc Rogers hack the TouchID, the fingerprint scan and unlock feature of the iPhone 6.

Marc Rogers, a security researcher from Lookout has claimed in a blog post that he was able to hack the iPhone 6 TouchID in exactly the same manner which he hacked the iPhone 5 when it was launched a year ago.  This proves that Apple has done little to patch the security flaw which Marc managed to exploit.

He states,“Sadly there has been little in the way of measurable improvement in the sensor between these two devices. “Fake fingerprints created using my previous technique were able to readily fool both devices.”

The method used by Marc to hack into iPhone 6 TouchID feature and unlock it without the owners express approval,  is a rather long process.  To hack the iPhone 6, the potential hacker has to use a laser-printed image of the enrolled fingerprint, create a mould of the fingerprint and then apply it to the TouchID sensor.  The iPhone 6 fails to notice the abnormality and unlocks.

Nobody expects an hacker to undertake such a strenuous journey to hack a iPhone 6 but it does point out that there is a vulnerability which can be exploited. Marc says, “the attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work.” He added that, “Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual.”

After the last years hack and post on the blog, Marc had hoped that Apple would work on patching the above vulnerability but sadly, it seems that Apple engineers have made no attempt had been made to improve TouchID security.  Marc stated on the blog that Apple has not even included “the ability to set a timeout for TouchID after which a passcode must be entered.”

This feature if enabled would hardly let a hacker carryout the long drawn hacking process before the iPhone locks itself again. Instead Marc says the hack, using the above method has become more easier thanks to the improved sensor.  iPhone 6 sensor is now more sensitive due to a higher resolution scanning.

“How do I know this? Well, during my testing I noticed that I got far less ‘false negatives’ with the iPhone 6 (false negatives are where the device rejects your legitimate fingerprint). However, it’s likely this is also aided by the fact that the iPhone 6 appears to scan a much wider area of your fingerprint to improve reliability.”

“Another sign that the sensor may have improved is the fact that slightly “dodgy” fake fingerprints that fooled the iPhone 5S did not fool the iPhone 6. To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it.” he added, ” None of these are challenging details for a researcher in the lab, but are likely to make it a little bit harder for a criminal to just “lift your fingerprint” from the phone’s glossy surface and unlock the device.”

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here