You may recall that the Touch ID sensor was successfully hacked last year, using a technique where fingerprints were lifted from the phone’s casing followed by sophisticated lab techniques used to create artificial copies of the print to activate the sensor.
The bad news is that the sensor in the iPhone 6 is vulnerable to the same methods – the good news is that security researcher Marc Rogers found the iPhone 6 version to be both more secure and more reliable …
The improved security was revealed when Rogers tried using the same less-than-perfect fingerprint copies on the iPhone 5S and 6.
Slightly “dodgy” fake fingerprints that fooled the iPhone 5S did not fool the iPhone 6. To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it.
Rogers said that the Touch ID sensor in the iPhone 6 was more reliable, less likely to reject a genuine fingerprint.
The biggest change to the sensor is that it seems to be much more sensitive, which is made possible by a higher resolution scanning part […] it’s likely this is also aided by the fact that the iPhone 6 appears to scan a much wider area of your fingerprint to improve reliability.
While Rogers suggests that its worrying that the same technique still works as Apple prepares to allow Touch ID to be used for Apple Pay, the fact remains that the attack method requires extended access to the phone, a reasonable amount of equipment and a fair degree of determination. It doesn’t appear a likely route for your average fraudster.
Apple has for the first time opened up use of the Touch ID sensor to third-party developers, and we’ve provided a roundup of some of the apps making use of this.