The iPhone’s in-built security has not evolved enough over the last year, according to one security expert.
Last year, when the iPhone 5S was released, Lookout’s principal security researcher, Marc Rogers, explained how its TouchID fingerprint sensor could be hacked.
He’s done it again
A fingerprint of the phone user from a glass surface was photographed – first with 2,400 dots per inch (dpi) resolution. The image was then tidied up, inverted and laser printed at 1,200dpi onto a transparent sheet with a thick toner setting.
Next, white woodglue was smeared into the pattern created by the toner on the sheet. Once set, the print was lifted from the sheet, breathed on to add some moisture, then placed onto the sensor to unlock the phone. Now, he claims to have done the same with the iPhone 6.
Despite adding Apple Pay to the iPhone, the in-built security has not evolved enough over the last year, according to Rogers, who believes that iPhone users are still vulnerable to the exact same security flaw as a year ago. “Except now, with Apple Pay, the bad guys have more incentive to access an iPhone,” he explains in a blog post.
Lookout’s recommendation last year was to introduce two-factor authentication. “Apple is correct to say that people are looking for convenient payment methods, but that cannot come at the cost of security,” comments Rogers. “The secure solution could be as simple as adding an additional security barrier such as a passphrase or pin code to be used in conjunction with the fingerprint.”
Rogers was keen to point out that iPhone users need not be overly concerned about the hack, though. He says: The sky isn’t falling. The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual. I’ll reiterate my analogy from my last blog on TouchID: We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.
“The fact that Apple has tweaked the TouchID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone.”
How much do you know about the iPhone 6? Take our quiz!