For those paranoid spy folks out there, SRLabs has pointed out an additional security weakness which could help an attacker use the fingerprint hack to access an iPhone 5s.

The fingerprint hack takes time: around half an hour of actual work, plus drying time. Provided you notice your phone has gone before the thief gains access, you can simply remotely lock or wipe the phone. But with Airplane Mode accessible from the control center on the lockscreen, a thief can simply enable this to prevent the phone being wiped while they are dealing with the fingerprint … 

Once a thief has used a spoofed fingerprint to gain access, they could use the Apple ID ‘forgotten password’ link to have a password reset link sent to the phone. With the Apple ID changed, the thief can safely switch Airplane Mode off knowing that the owner will no longer be able to wipe it.

There are a couple of things you can do to guard against this. First, go into Settings -> Control Center and switch off Access on Lock Screen.


Second, as soon as you find your phone has gone, use another device to change your email password. That way, if the thief gains access, they won’t have access to new emails, so won’t be able to receive the password reset link.

As we said before, however, this isn’t a trivial hack; it requires a considerable amount of time, effort, skill and equipment. The question then becomes: is the data on your phone worth that effort? If you’re the CEO of a Silicon Valley startup, maybe. If you’re the average guy on the street, it’s unlikely to be something you have to worry about.


23 Responses to “Unlikely fingerprint hack plus Airplane Mode from lockscreen prevents remote wipe”

  1. “Once a thief has used a spoofed fingerprint to gain access, they could use the Apple ID ‘forgotten password’ link to have a password reset link sent to the phone. With the Apple ID changed, the thief can safely switch Airplane Mode off knowing that the owner will no longer be able to wipe it.”

    Erm, how exactly? They won’t be able to connect to get the reset email without the phone making contact with Apple and wiping itself. The only thing I could think of would be to connect to a Wi-Fi network that goes through something configured to only allow email connections through.

  2. Why not simply remove the SIM?

  3. I don’t have an iPhone 5s but I do have iOS 7 on my iPhone 5. I removed Control Center from the lock screen. Problem solved.

  4. kevdyas says:

    There is still a problem here then… On devices where the lock screen hasn’t got a quick delay the thief could go straight into resetting the password for iCloud!

  5. Okay, if someone steals your iPhone 5s in the street, from where will he get the victim’s fingerprint?

  6. Ok, first he says it takes an hour, not 30 minutes to do the fingerprint thing.. Second, it’s HIGHLY unlikely that there would be an un-smudged, usable fingerprint on the phone. The fingerprint button doesn’t keep the fingerprint, and all prints on the screen are 99% smudged.. if there at ALL. Third, all reports from experts are saying it takes 30 HOURS to pull and get a viable print. Like CSI level of work, not an hour..

    I mean seriously, he says a wood duplicate print? WOOD? 1 hour my ass. and the expertise required is just laughable.

    • Ben Lovejoy says:

      The original hack was 30 hours, but most of that was figuring out how to do it. It’s 30 mins now the technique is known. But it’s still a huge amount of effort to access some random person’s phone.

    • Paul Threatt says:

      Wood GLUE. Not wood. And the effort doesn’t require a whole print. Granted, the technique here is worth a shot to thieves, but it’s no guarantee of success. They’re just pointing out the potential vulnerabilities and fixes to further their careers.

  7. Apple should simply remove Airplane mode in control center when control center is accessed from the lock screen, but keeps the toggle in control center when accessed from an unlocked phone. Problem solved. I can’t think of a reason one would need such quick access to Airplane mode (from lock screen). There’s a mute switch on the side, and flying does not happen often enough (your flights are 15 minutes long?) where you can’t just unlock the phone and enable Airplane mode from control center at the home screen.

  8. But the important lesson here is that the Achilles heel of the remote wipe/need Apple ID to reset phone is the simple access to Airplane Mode.

  9. On the 4-digit passcode portion of the video, the owner could go to Settings | General | Passcode Lock and set the device to “Erase Data” after 10 failed attempts. If you are the owner and accidentally erase your data — you can easily restore it from your backups.

  10. Byron Swift says:

    I don’t condone the behavior but it’s super simple.. You can remove the SIM card if the phone is GSM, and no, you can’t wipe through Wi-Fi unless the thief connects to a Wi-Fi spot, which he can’t do unless he bypasses the lockscreen. Once he bypasses the lockscreen it’s a wrap for removing any old account information.
    You can also just power the phone off while you work on lifting the fingerprint…

    • pkadam says:

      You reckon it is that simple to lift a clear print from the casing of the phone.

      Why don’t you try it?

      I am still waiting for those guys who first fooled Touch ID to come back with the same bypass but with a fingerprint lifted from anything.

      I am not holding my breath.

  11. Ilya Levin says:

    Solid points, and solid solutions.
    The most important point though – not allowing email upon IP change before phoning home to Apple to check the “Lost” status could create some annoying “no internet” times when you connect to a new Wi-Fi.