There’s a lot that’s new in Apple’s just-released iPhone 6, but one feature hasn’t changed: Faked fingerprints can still fool the Touch ID fingerprint sensor.
Security on the Touch ID fingerprint reader has been tightened, but only marginally, said Marc Rogers, chief security researcher at Lookout Mobile Security.
“I don’t think people need to worry just yet, but there are distinct flaws that could lead to problems down the line,” he told CNET. Rogers wrote in a blog post that he was able to use the same low-budget technique to fake fingerprints and unlock the iPhone 6 as he did when he became one of the first researchers in 2013 to hack Touch ID on the iPhone 5S.
Rogers says that the first step is to acquire the fingerprint, which has to be clear of any smudges; a high-resolution camera is also necessary for an accurate image that is then printed without any distortion, with high toner density, so that the print sticks out. The next step is to impress the print on a thin layer of glue.
The researcher noticed some improvements in the new sensor: the scanning resolution is higher, and it recognizes the real fingerprint with greater accuracy.
“To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it,” Rogers says in a blog post.
Even if adoption of Apple Pay is slow, as some people are expecting, history shows that hackers often go where the money is, and that could make the Touch ID a hot-button item indeed.