iPhone 6 Touch ID Still Vulnerable to Specialized Fake Fingerprint Hack

by

Apple has done little to improve security in the Touch ID technology used in its current iPhone 6 handset, claims security researcher Marc Rogers of Lookout Security (via CNET). As shown by Rogers, the latest iPhone models are vulnerable to hacking using the same fake fingerprint technique first demonstrated with the iPhone 5s.

photo-3-touchid
The technique requires a hacker to lift a suitable fingerprint from a solid surface and create a copy using forensic techniques that require specialized equipment. If done properly, these replica fingerprints can activate the Touch ID sensors on both the iPhone 6 and the iPhone 5s.

Sadly there has been little in the way of measurable improvement in the sensor between these two devices. Fake fingerprints created using my previous technique were able to readily fool both devices.

Rogers adds that the only changes in Touch ID appear to be in the sensitivity of the iPhone 6 fingerprint sensor, with the iPhone 6 possibly supporting a higher resolution scan. This improved scanner makes it harder for a fingerprint to be cloned by an unskilled criminal, but it does not add any additional security precautions, such as a time-based passcode requirement, to the Touch ID authentication system.

Touch ID may offer adequate security for unlocking phones, but Rogers questions its effectiveness as a deterrent to the much more lucrative credit card and mobile payment theft. With Apple opening up its iPhone 6 to mobile payments with Apple Pay, the potential for this form of theft becomes more likely as criminals begin targeting iPhone users in order to exploit these mobile transactions. Still, the complexity of creating a fake fingerprint means users are much more likely to be affected by a stolen plastic credit card than a spoofed Touch ID fingerprint linked to Apple Pay.

[T]he sky isnt falling. The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual.

Apple Pay is Apple's new mobile payment initiative that will debut with an iOS software update next month. The system uses NFC to process payments wirelessly with a one-time token and Touch ID authorization for security. Apple is partnering with credit card companies and US retailers including Walgreens, Macy's, and Nike to roll out the service.

Top Rated Comments

Lord Hamsa Avatar
83 months ago
And the number of times this "hack" has actually been used successfully in the wild is...?
Score: 55 Votes (Like | Disagree)
Bacong Avatar
83 months ago
This is not news. Why even report this? Average person sees "Touch ID vunerable" and doesn't use it. Meanwhile, the contents of the article, just as last year, CLEARLY indicate how extremely difficult and unlikely this is to ever occur to anyone, or that it's even worth the effort, or possible to do quickly enough before the phone is remotely wiped (the function of which I'd hope anyone who has sensitive information on their phone is aware of)
Score: 48 Votes (Like | Disagree)
anzio Avatar
83 months ago
They've also not improved the security of passwords I write down and leave all around where I've been. Anyone can still pick this up and access my phone. Disappointed. :rolleyes:
Score: 32 Votes (Like | Disagree)
reden Avatar
83 months ago

And the number of times this "hack" has actually been used successfully in the wild is...?


The next Mission Impossible movie.
Score: 20 Votes (Like | Disagree)
Zxxv Avatar
83 months ago
Thats why Governments love to have your fingerprints. They can easily make a dummy finger now. So when they arrest you with your new shiny iPhone they just phone the lab to make one up. The lab kit makes it in 10, it arrives with the officer in 30 minutes. No need to know your password. And no one will know they've been in your iPhone

/s
/jk
enable panic mode
Score: 16 Votes (Like | Disagree)
tevion5 Avatar
83 months ago
Will our porn ever be safe?
Score: 16 Votes (Like | Disagree)

Top Stories

bloodoxygenapplewatch

Apple Watch Series 7 Rumored to Feature Blood Glucose Monitoring

Monday January 25, 2021 5:05 am PST by
The Apple Watch Series 7 will reportedly feature blood glucose monitoring via an optical sensor, according to ETNews. The report, which mainly focuses on the blood glucose capabilities of the Samsung Galaxy Watch 4, explains that Apple is intending to bring blood glucose monitoring to the upcoming Apple Watch Series 7 using a non-invasive optical sensor. Measuring blood glucose levels,...
magsafecasedangle

Apple Elaborates on Potential for iPhone 12 and MagSafe Accessories to Interfere With Implantable Medical Devices

Saturday January 23, 2021 2:42 pm PST by
Since the launch of iPhone 12 models in October, Apple has acknowledged that the devices may cause electromagnetic interference with medical devices like pacemakers and defibrillators, but the company has now shared additional information. Apple added the following paragraph to a related support document today:Medical devices such as implanted pacemakers and defibrillators might contain...
14

Apple Releases iOS 14.4 and iPadOS 14.4 With New Camera Warnings and Bug Fixes

Tuesday January 26, 2021 10:04 am PST by
Apple today released iOS and iPadOS 14.4, the fourth major updates to the iOS 14 operating system that was initially released in September. iOS and iPadOS 14.4 come more than a month after the release of iOS and iPadOS 14.3, updates that brought new emojis, Intercom support, and more. The iOS and iPadOS 14.4 updates can be downloaded for free and the software is available on all eligible...
Top Stories 44 Feature

Top Stories: 'Thinner and Lighter' MacBook Air, Smaller iPhone 13 Notch, iOS 14.4 Incoming

Saturday January 23, 2021 6:00 am PST by
We continued to hear a lot more about Apple's plans for its Mac lineup this week, including word of a high-end redesigned MacBook Air and the return of an SD card slot as part of the upcoming MacBook Pro redesign. It also sounds like Apple has been working on Face ID for Mac, but it won't be appearing in a redesigned iMac this year as originally planned. This week also saw rumors about the...
14

Apple Releasing iOS 14.4 and watchOS 7.3 Later Today

Tuesday January 26, 2021 7:20 am PST by
In its Black History Month announcement this morning, Apple has confirmed that iOS 14.4 and watchOS 7.3 will be released later today. watchOS 7.3 expands the ECG app on the Apple Watch Series 4 and newer to Japan, Mayotte, Thailand, and the Philippines, while iOS 14.4 introduces a notification on iPhone 12 models with non-genuine cameras. Both software updates also add support for a new...
maxresdefault

Microsoft Touts Surface Pro 7 as 'The Better Choice' Over MacBook Pro in New Ad

Saturday January 23, 2021 11:02 am PST by
Microsoft yesterday shared a new ad on YouTube titled "Microsoft Surface Pro 7: The Better Choice," in which the company compares its tablet computer to Apple's 13-inch M1 MacBook Pro, as spotted by MSPoweruser. The ad highlights the Surface Pro 7's touchscreen and included stylus as opposed to only a "little bar" (the Touch Bar) on the MacBook Pro. Other advantages of the Surface Pro 7...
apple watch black unity

Apple Celebrates Black History Month With Limited-Edition Watch, Featured Apps and Books, and More

Tuesday January 26, 2021 6:14 am PST by
Apple today announced that it will be celebrating Black History Month with curated content that highlights and amplifies Black creators, artists, developers, and businesses across the App Store, Apple Music, the Apple TV app, Apple Books, Apple Podcasts, and more. The content will be featured throughout the month of February. Black Unity Sport Band has "Truth. Power. Solidarity." ...
7

Apple Releases watchOS 7.3 With Unity Watch Face, Expanded ECG Availability and More

Tuesday January 26, 2021 10:03 am PST by
Apple today released watchOS 7.3, the third major update to the watchOS 7 operating system that was released in September. watchOS 7.3 comes more than a month after watchOS 7.2, an update that brought support for Apple Fitness+ ‌‌The watchOS 7.3 update‌‌ can be downloaded for free through the dedicated Apple Watch app on the iPhone by going to General > Software Update. To install...
time to walk apple watch

Apple Fitness+ Feature 'Time to Walk' Launching Soon With Audio Stories From Special Guests

Saturday January 23, 2021 7:13 pm PST by
Earlier this week, Apple seeded the watchOS 7.3 Release Candidate, which is typically the final beta version of a software update. The release notes for the update list a new "Time to Walk" feature for Apple Fitness+ subscribers, described as "an audio experience in the Workout app where guests share inspiring stories as you walk." Apple Fitness+ subscribers will be able to open the Workout...
apple dan riccio

Dan Riccio Transitioning to New Project, John Ternus to Lead Apple's Hardware Engineering Team

Monday January 25, 2021 2:05 pm PST by
Apple today announced that current Apple hardware engineering SVP Dan Riccio is transitioning to a new role where he will focus on an unspecified project, with John Ternus set to take over as Apple's senior vice president of hardware engineering. In a statement, Apple CEO Tim Cook said that Riccio made Apple a better and more innovative company, and that Ternus will bring a deep expertise...