The iPhone 6 has been out for less than a day and already would-be hackers are suggesting that its Touch ID fingerprint sensor can be tricked — thanks to a lifted fingerprint and some latex.
The video, posted to YouTube by Security Research Labs, comes with a description noting that, “Although it was shown immediately that the previous iPhone model’s Touch ID could not stand up to rudimentary attacks, the same technology has been included again in the iPhone 6 without any improvement whatsoever.”
There have been numerous demos showing Apple’s Touch ID sensor being beaten over the past year, although it’s always been impossible to shake the argument that it would surely be easier for a thief to force a person to unlock their iPhone than it would be to surreptitiously lift a fingerprint and then replicate it with latex. Touch ID may not be infallible, but it’s a whole lot better than a four-digit security code.
What’s different about this year’s Touch ID is the fact that it is now tied into Apple Pay — as well as third-party app authentication — thereby greatly increasing the incentive for hackers to attack it.
In the lead-up to iPhone 6 launch it was reported that Apple’s 2014 refresh of Touch ID would focus on internal modifications designed to make the fingerprint-scanning hardware more durable and secure.
While Apple’s fingerprint sensor has already been beaten, though, don’t worry: this kind of crack may be reproducible in the lab, but it’s going to be next to impossible to replicate in the real world. You’re far more likely to be robbed by a mugger than you are to have a beautiful woman lift your fingerprints of a martini glass. Sadly.
The video can be seen below:
Via: Apfeleimer.de
Luke Dormehl is a U.K.-based journalist and author, with a background working in documentary film for Channel 4 and the BBC. He is the author of The Apple Revolution and The Formula: How Algorithms Solve All Our Problems … and Create More, both published by Penguin/Random House. His tech writing has also appeared in Wired, Fast Company, Techmeme and other publications.
18 responses to “New iPhone 6 fingerprint sensor fooled on day one (but don’t panic)”
Talk about Apple bashing! So much of trying to pull negative stories on the release day.
oh please. it’s not about positive or negative. it’s about page hits. what will get them gets posted.
Or if they’re smart they’ll carry pruning shears. Yikes on the thought.
Thing like this I would dismiss cuz it’s not really practical. You gotta have a phone, and finger print then try to hack which is long enough for owner to wipe remotely
Google will be happy to hear anything negative about security on the iPhone. They’re in danger of losing their Google Wallet “empire” to a johnny-come-lately Apple. They can’t be too happy about what they thought was a certain lock-in for all Android smartphones.
Alleged hacks of Touch ID is theoretically possible, UNDER IDEAL CONDITIONS, but ideal conditions do not exist in the real world. Generally lifted latents are not of Touch ID readable quality, and for sure not complete enough to be recognized by Touch ID. Identifiable prints require at least 8 definable points. Most prints lifted from crime scenes do not meet this standard. Touch ID uses a much higher standard than do police forensics. Take it from a retired police officer, these reports of lifting fingerprints that then fool Touch ID ARE LAB RESULTS that are not duplicatable in the real world.
This is the same BS they posted last year. They use a perfect lifted finger that they knew would work because they set it up.
And as said, in the real world this is near to impossible to pull off because you won’t get a perfect lift.
This is such a crock of horse shit. “Rudimentary” attack, my ass. “Here, dude, lemme borrow your finger… here, wait ’til I make a latex cast… OK, now, like, lemme see your phone for a sec…”
Asshats.
Or just use a cigar cutter. Hell they are a criminal. :-)
A criminal who will have just graduated to a higher level of policing than a simple mugging or theft would warrant. :P Cost/Benefit still likely makes it not worth it.
Haha… so whats the concern? Unless they cut your fingers and before you used it its already locked/wiped and out of time before hacking it making this as usual approach. Make a story of you happen to get an incident of using the phone hacking your cash out. Lol…
I’d be worried if it was the CIA trying to get in to my phone.
If you are a criminal wouldn’t a cigar cutter be an easier route? You are after all a criminal.
Non-story!
Here we go again, haters trying to make the impossible task sound like a breeze…painful to watch how hard they try
Who the fck wants a fingerprint sensor built into the phone? Why nut put a GPS straight up our ass so they can track easier? Hate these spy fckers
First off, no authentication system is 100% foolproof. Those who scoff at Touch ID often inadvertenly log in with their 4-digit password while others are looking. The 4-digit password is one of the easiest authentication methods to bypass.
Second, a thief would have to lift the CORRECT fingerprint. A simple rule of thumb is to authenticate with a non-dominant hand. For example, if you’re right-handed then authenticate with your left. Also, authenticate with one finger and navigate with another.
The Samsung’s fingerprint scanner is also susceptable to spoofing. Many people criticize fingerprint authentication for their vulnerabilities but they forget that such authentication devices have limitations because of power consumption issues and physical space.
I would prefer to authenticate with a fingerprint scanner over a 4-digit password anytime. The thief would still have to lift my correct fingerprint which is easier said than done. Many theives don’t walk around with a “Fingerprint Removal System” handy. Fingerprint removal is not as easy as it appears.
There will be a lot more of improvement on the coming months I suppose.