
Unlikely fingerprint hack plus Airplane Mode from lockscreen prevents remote wipe

For those paranoid spy folks out there, SRLabs has pointed out an additional security weakness which could help an attacker use the fingerprint hack to access an iPhone 5s.

The fingerprint hack takes time: around half an hour of actual work, plus drying time. Provided you notice your phone has gone before the thief gains access, you can simply remotely lock or wipe the phone. But with Airplane Mode accessible from the control center on the lockscreen, a thief can simply enable this to prevent the phone being wiped while they are dealing with the fingerprint … 

Once a thief has used a spoofed fingerprint to gain access, they could use the Apple ID ‘forgotten password’ link to have a password reset link sent to the phone. With the Apple ID changed, the thief can safely switch Airplane Mode off knowing that the owner will no longer be able to wipe it.

There are a couple of things you can do to guard against this. First, go into Settings -> Control Center and switch off Access on Lock Screen.


Second, as soon as you find your phone has gone, use another device to change your email password. That way, if the thief gains access, they won’t have access to new emails, so won’t be able to receive the password reset link.

As we said before, however, this isn’t a trivial hack: it requires a considerable amount of time, effort, skill and equipment. The question then becomes: is the data on your phone worth that effort? If you’re the CEO of a Silicon Valley startup, maybe. If you’re the average guy on the street, it’s unlikely to be something you have to worry about.


Comments

  1. “Once a thief has used a spoofed fingerprint to gain access, they could use the Apple ID ‘forgotten password’ link to have a password reset link sent to the phone. With the Apple ID changed, the thief can safely switch Airplane Mode off knowing that the owner will no longer be able to wipe it.”

    Erm, how exactly? They won’t be able to connect to get the reset email without the phone making contact with Apple and wiping itself. The only thing I could think of would be to connect to a Wi-Fi network that goes through something configured to only allow email connections through.

  2. Sean O'Farrell - 10 years ago

    Why not simply remove the SIM?

  3. Douglas Brace - 10 years ago

    I don’t have an iPhone 5s but I do have iOS 7 on my iPhone 5. I removed Control Center from the lock screen. Problem solved.

    • Derek Wildstar - 10 years ago

      Good idea, same here. Also removed Siri from the lock screen. Since the fingerprint allows fast and easy access to both of these now, why keep them activated on the lock screen?

    • ifunography - 10 years ago

      I’ve done the same on my iPhone 4S.

  4. kevdyas - 10 years ago

    There is still a problem here then… On devices where the lock screen hasn’t got a quick delay the thief could go straight into resetting the password for iCloud!

    • Lee Palisoc - 10 years ago

      That would require you to answer some security questions when you reset password in iCloud.

      • Lee Palisoc - 10 years ago

        Oh never mind.

  5. Rūkymas Žudo - 10 years ago

    Okay, if someone steals your iPhone 5s in the street, where will he get the victim’s fingerprint from?

    • Ben Lovejoy - 10 years ago

      From the phone casing

    • Paul Threatt - 10 years ago

      Fingerprints left on the device. Typically the glass screen and back. Finding a good print seems necessary, but the phone is about as ideal as it gets for transferring visible prints without “dusting”.

      • Ricardo Chavarria - 10 years ago

        Problem is, the back of the iPhone 5s has no back glass, it’s aluminium.

  6. Ok, first he says it takes an hour, not 30 minutes, to do the fingerprint thing. Second, it’s HIGHLY unlikely that there would be an un-smudged, usable fingerprint on the phone. The fingerprint button doesn’t keep a fingerprint and all prints on the screen are 99% smudged, if there at ALL. Third, all reports from experts are saying it takes 30 HOURS to pull and get a viable print. Like CSI level of work, not an hour.

    I mean seriously, he says a wood duplicate print? WOOD? 1 hour my ass. and the expertise required is just laughable.

    • Ben Lovejoy - 10 years ago

      The original hack was 30 hours, but most of that was figuring out how to do it. It’s 30 mins now the technique is known. But it’s still a huge amount of effort to access some random person’s phone.

    • Paul Threatt - 10 years ago

      Wood GLUE. Not wood. And the effort doesn’t require a whole print. Granted, the technique here is worth a shot to thieves, but it’s no guarantee of success. They’re just pointing out the potential vulnerabilities and fixes to further their careers.

  7. Jim Roxton (@JimRoxton) - 10 years ago

    Apple should simply remove Airplane mode in control center when control center is accessed from the lock screen, but keeps the toggle in control center when accessed from an unlocked phone. Problem solved. I can’t think of a reason one would need such quick access to Airplane mode (from lock screen). There’s a mute switch on the side, and flying does not happen often enough (your flights are 15 minutes long?) where you can’t just unlock the phone and enable Airplane mode from control center at the home screen.

  8. brad (@beingbrad) - 10 years ago

    But the important lesson here is that the Achilles heel of the remote wipe/need Apple ID to reset phone is the simple access to airplane mode.

  9. Thomas Marble Peak - 10 years ago

    On the 4-digit passcode portion of the video, the owner could go to Settings | General | Passcode Lock and set the device to “Erase Data” after 10 failed attempts. If you are the owner and accidentally erase your data — you can easily restore it from your backups.

  10. Byron Swift - 10 years ago

    I don’t condone the behavior but it’s super simple. You can remove the SIM card if the phone is GSM, and no, you can’t wipe through Wi-Fi unless the thief connects to a Wi-Fi spot, which he can’t do unless he bypasses the lockscreen. Once he bypasses the lockscreen it’s a wrap for removing any old account information.
    You can also just power the phone off while you work on lifting the fingerprint…

    • pkadam - 10 years ago

      You reckon it is that simple to lift a clear print from the casing of the phone?

      Why don’t you try it?

      I am still waiting for those guys who first fooled Touch ID to come back with the same bypass but with a fingerprint lifted from anything.

      I am not holding my breath.

  11. Ilya Levin - 10 years ago

    Solid points, and solid solutions.
    The most important point though – not allowing email upon IP change before phoning home to Apple to check the “Lost” status could create some annoying “no internet” times, when you connect to a new wifi.

Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

