iPhone 6 TouchID hacked by laser printing method

Appleโ€™s New iPhone 6 TouchID Hacked

If you were believing the Apple’s latest flagship, the iPhone 6 was more secure than its predecessor the iPhone 5, you are, sadly mistaken. The most awaited smartphone from the Apple still carries the flaw that let Marc Rogers hack the TouchID, the fingerprint scan and unlock feature of the iPhone 6.

Marc Rogers, a security researcher from Lookoutย hasย claimed in a blog post that he was able to hack the iPhone 6 TouchID in exactly the same manner which he hacked the iPhone 5 when it was launched a year ago. ย This proves that Apple has done little to patch the security flaw which Marc managed to exploit.

He states,โ€œSadly there has been little in the way of measurable improvement in the sensor between these two devices. โ€œFake fingerprints created using my previous technique were able to readily fool both devices.โ€

The method used by Marc to hack into iPhone 6 TouchID feature and unlock it without the owners express approval, ย is a rather long process. ย To hack the iPhone 6, the potential hacker has to use a laser-printed image of the enrolled fingerprint, create a mould of the fingerprint and then apply it to the TouchID sensor. ย The iPhone 6 fails to notice the abnormality and unlocks.

Nobody expects an hacker to undertake such a strenuous journey to hack a iPhone 6 but it does point out that there is a vulnerability which can be exploited. Marc says, “the attack requires skill, patience, and a really good copy of someoneโ€™s fingerprint โ€” any old smudge wonโ€™t work.” He added that, “Furthermore, the process to turn that print into a useable copy is sufficiently complex that itโ€™s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual.”

After the last years hack and post on the blog, Marc had hoped that Apple would work on patching the above vulnerability but sadly, it seems that Apple engineers have made no attempt had been made to improve TouchID security. ย Marc stated on the blog that Apple has not even included โ€œthe ability to set a timeout for TouchID after which a passcode must be entered.โ€

This feature if enabled would hardly let a hacker carryout the long drawn hacking process before the iPhone locks itself again. Instead Marc says the hack, using the above method has become more easier thanks to the improved sensor. ย iPhone 6 sensor is now more sensitive due to a higher resolution scanning.

โ€œHow do I know this? Well, during my testing I noticed that I got far less โ€˜false negativesโ€™ with the iPhone 6 (false negatives are where the device rejects your legitimate fingerprint). However, itโ€™s likely this is also aided by the fact that the iPhone 6 appears to scan a much wider area of your fingerprint to improve reliability.”

“Another sign that the sensor may have improved is the fact that slightly โ€œdodgyโ€ fake fingerprints that fooled the iPhone 5S did not fool the iPhone 6. To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it.” he added, ” None of these are challenging details for a researcher in the lab, but are likely to make it a little bit harder for a criminal to just โ€œlift your fingerprintโ€ from the phoneโ€™s glossy surface and unlock the device.”

Read More

Suggested Post