You may recall that the Touch ID sensor was successfully hacked last year, using a technique where fingerprints were lifted from the phone’s casing followed by sophisticated lab techniques used to create artificial copies of the print to activate the sensor.
The bad news is that the sensor in the iPhone 6 is vulnerable to the same methods – the good news is that security researcher Marc Rogers found the iPhone 6 version to be both more secure and more reliable …
The improved security was revealed when Rogers tried using the same less-than-perfect fingerprint copies on the iPhone 5S and 6.
Slightly “dodgy” fake fingerprints that fooled the iPhone 5S did not fool the iPhone 6. To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it.
Rogers said that the Touch ID sensor in the iPhone 6 was more reliable, less likely to reject a genuine fingerprint.
The biggest change to the sensor is that it seems to be much more sensitive, which is made possible by a higher resolution scanning part […] it’s likely this is also aided by the fact that the iPhone 6 appears to scan a much wider area of your fingerprint to improve reliability.
While Rogers suggests that its worrying that the same technique still works as Apple prepares to allow Touch ID to be used for Apple Pay, the fact remains that the attack method requires extended access to the phone, a reasonable amount of equipment and a fair degree of determination. It doesn’t appear a likely route for your average fraudster.
Apple has for the first time opened up use of the Touch ID sensor to third-party developers, and we’ve provided a roundup of some of the apps making use of this.
FTC: We use income earning auto affiliate links. More.
In other words, its a non issue, just as it was last year, as there is no practical scenario in which this would ever occur.
Agreed. This is what I was saying.
Yep, for anyone who isn’t the CEO of a promising startup, this is a highly theoretical risk
Hi guys. Beside the fact that it is a really obscure and nearly impossible scenario that Touch-ID gets hacked by a stranger, I really doubt the shown hack of last year. I had a 5s (now a 6, really amazing) and once I had problems with my skin at the fingers (dry and flaky). I swear at a certain point I had to make new finger prints because the phone didn’t accept the old ones. At that point I thought, nobody can tell me that you get “in” with a silicon something of a fingerprint taken from somewhere and not from the finger directly.
I do not know how the hacker managed it, but I think he lie’s and it’s a fake!
Much fun with our new devices ;o))))
It was very clearly demonstrated. It’s an unlikely real-life attack, but it definitely works.
In other words… As long as you don’t have an evil mad scientist for a nemesis… You’re probably fine…
Agreed.
As long as it is safer than someone peeking over my shoulder as I type my password, I’m more than happy with touch id
“Hacked”
It definitely seems a bit improved compared to the previous generation.
So this really isn’t a hack its a spoof. A hack would be someone being able to access the secure element without a fingerprint. No one has been able to do that.
Correct.. Normally, providing cred’s is easier than actually breaking the security anyway. Why break a door down when you have a key..
Trick is, getting the key.. in this case, a finger print, then replicating it.. it would have to be one hell of a focused, covert attack, when most thieves would just hold you up and force you to place your finger on the scanner. LOL
Far to subtle and involved for any every-day theft.
That’s why I hate when the term hack is used. I suppose it’s just semantics. But these exercises are stupid anyway. I have yet to see one done that wasn’t in a highly controlled environment where someone was able to lift a perfect fingerprint. That’s never going to happen in the real world.
Has there been *any* record of TouchID being actually used to maliciously spoof the owner?
The real news is that this hole story is pretty much FUD. Unless you are some sort of super spy there’s now way you are going to hack the fingerprint sensor period. So for 99.9% of us, there’s absolutely nothing to worry about. For you .1% spy’s I guess you will have to be careful not to let anyone touch your iPhone.
Lets compare this to real world methods to access stolen mobile phones …
* Just press the ‘ON’ button – most aren’t locked in any way
* Before you steal it, look over the owner’s shoulder as they tap in the PIN
* Wiggle the phone at an angle, look for greasy finger smudges from last time owner unlocked the dot lock
Compared with these, touch ID is a major step UP in security.