For those paranoid spy folks out there, SRLabs has pointed out an additional security weakness which could help an attacker use the fingerprint hack to access an iPhone 5s.

The fingerprint hack takes time: around half an hour of actual work, plus drying time. Provided you notice your phone has gone before the thief gains access, you can simply remotely lock or wipe the phone. But with Airplane Mode accessible from the control center on the lockscreen, a thief can simply enable this to prevent the phone being wiped while they are dealing with the fingerprint … 

Once a thief has used a spoofed fingerprint to gain access, they could use the Apple ID ‘forgotten password’ link to have a password reset link sent to the phone. With the Apple ID changed, the thief can safely switch Airplane Mode off knowing that the owner will no longer be able to wipe it.

There are a couple of things you can do to to guard against this. First, go into Settings -> Control Center and switch off Access on Lock Screen:


Second, as soon as you find your phone has gone, use another device to change your email password. That way, if the thief gains access, they won’t have access to new emails, so won’t be able to receive the password reset link.

As we said before, however, this isn’t a trivial hack, it’s something that requires a considerable amount of time, effort, skill and equipment. The question then becomes: is the data on your phone worth that effort? If you’re the CEO of a Silicon Valley startup, maybe. If you’re the average guy on the street, it’s unlikely to be something you have to worry about.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear