Berlin-based Security Research Labs has detailed various exploits within the iPhone 5s' Touch ID security feature and iOS 7 that allow would-be criminals to bypass the device's security features, reports Reuters.
The method for bypassing the Touch ID security feature found on the iPhone 5s is very similar to the one used by the Chaos Computer Club, which also claimed to hack Touch ID earlier this month. A video posted on the group’s website shows how Touch ID can be bypassed using information gathered from fingerprints left on the victim’s phone display, demonstrating that a photo taken with the iPhone 4s can be used for developing a mold.
Another video by the group outlines a scenario in which a knowledgeable criminal could steal an iPhone 5s running iOS 7, use Control Center on the lock screen (enabled by default) to turn on Airplane Mode and disable the device’s connectivity, then using a fingerprint mold to bypass the lock screen and disable other various security features. Ultimately, the group shows how an attacker could conceivably gain complete control of a victim's device, Apple ID, and even other services such as Google accounts.
The group ends the video by suggesting Apple do the following to increase security efficiency in iOS 7:
Aside from any future changes Apple may make to increase security, users can already prevent the simple bypass of the Remote Wipe feature by turning off access to Control Center from the lock screen.
iOS 7 has recently been the subject of much praise by security officials, including the New York Police Department, which passed out flyers in New York City recommending users to update to iOS 7, along with government officials who have praised iOS 7’s Activation Lock. Meanwhile, Touch ID has been the subject of much scrutiny since its release, with U.S. Senator Al Franken sending a letter to Tim Cook asking a number of questions about the security of the system and the exact fingerprint storage process. Apple has also published an extensive knowledge base article about the benefits of the Touch ID system to alleviate some consumer concerns.
The method for bypassing the Touch ID security feature found on the iPhone 5s is very similar to the one used by the Chaos Computer Club, which also claimed to hack Touch ID earlier this month. A video posted on the group’s website shows how Touch ID can be bypassed using information gathered from fingerprints left on the victim’s phone display, demonstrating that a photo taken with the iPhone 4s can be used for developing a mold.
Another video by the group outlines a scenario in which a knowledgeable criminal could steal an iPhone 5s running iOS 7, use Control Center on the lock screen (enabled by default) to turn on Airplane Mode and disable the device’s connectivity, then using a fingerprint mold to bypass the lock screen and disable other various security features. Ultimately, the group shows how an attacker could conceivably gain complete control of a victim's device, Apple ID, and even other services such as Google accounts.
The group ends the video by suggesting Apple do the following to increase security efficiency in iOS 7:
1. Make Airplane Mode inaccessible from the lock screen by default and require PIN after setting Airplane Mode or removing SIM Card
2. Warn users not to store password-reset email accounts on iDevices
3. When device is lost for good, advise users to revoke its privileges
4. Do not inform potential attackers how the device is protected
5. Upon reconnecting to the Internet, iOS should not allow email retrieval before the device’s wipe- or don’t-wipe status can be retrieved
Aside from any future changes Apple may make to increase security, users can already prevent the simple bypass of the Remote Wipe feature by turning off access to Control Center from the lock screen.
iOS 7 has recently been the subject of much praise by security officials, including the New York Police Department, which passed out flyers in New York City recommending users to update to iOS 7, along with government officials who have praised iOS 7’s Activation Lock. Meanwhile, Touch ID has been the subject of much scrutiny since its release, with U.S. Senator Al Franken sending a letter to Tim Cook asking a number of questions about the security of the system and the exact fingerprint storage process. Apple has also published an extensive knowledge base article about the benefits of the Touch ID system to alleviate some consumer concerns.
66 comments
Apple is expected to preview the next-generation version of macOS, macOS 10.14, at the keynote event for the Worldwide Developers Conference, set to be held on June 4. Though the keynote is less than...
A second class action lawsuit has been filed against Apple over problematic keyboards in recent MacBook and MacBook Pro models.
Like the first lawsuit last week, this complaint alleges that...
Apple is providing a $50 credit to all customers who paid for an out-of warranty battery replacement for an iPhone 6 or later between the dates of January 1, 2017 and December 28, 2017, the...
Apple Watch Series 3 models with LTE have dominated the cellular-enabled smartwatch market since they were released last September.
Specifically, the Apple Watch accounted for an estimated 59...
Apple has launched a new Data & Privacy website that includes an option for Apple users to download all the data associated with their Apple ID account that the company keeps on its servers.
...
Apple supplier TSMC (Taiwan Semiconductor Manufacturing Company) has started production on the next-generation 7-nanometer A12 chips that will be used in the 2018 iPhone lineup, reports Bloomberg.
...
The United States Federal Bureau of Investigation provided Congress with "grossly inflated" statistics on the number of electronic devices it has been been unable to access due to encryption,...
Apple is planning to share news on APFS support for Fusion Drives "very soon," Apple software engineering chief Craig Federighi told MacRumors reader Jonathan in an email this afternoon.
...
