Saturday, October 5, 2013

iPhone 5S Fingerprint Hack Can Take Over Owner’s Apple Account | Web Design Magazine

A cat’s paw [1] can be used to unlock the iPhone 5S, but it looks like a picture of your fingerprint can facilitate entry too.

German security firm SRL, reported by The Guardian [2] , said an image of a fingerprint can successfully unlock the phone, enabling identity theft.

“Users leave copies of their fingerprints everywhere; including on the devices they protect. Fingerprints are not fit for secure local user authentication as long as spoofs (‘fake fingers’) can be produced from these pervasive copies,” SLR said in a blog post [3] .

Here’s what would have to happen: First, a thief would have to turn on Airplane Mode as soon as they steal the device. This is actually quite easy to do without a fingerprint â€" if the owner hasn’t changed the default, the thief can access Airplane Mode via the Control Center on the lock screen. That disables all wireless connections, preventing the iPhone’s owner from doing a remote wipe.

After that, the hacker can work to get fingerprints off of the device and eventually log in. The video below shows how someone can create a fake fingerprint on a laminated sheet and later attached to one of their fingers. TouchID on the iPhone 5S, however, would only give the hacker three chances to enter before a passcode request pops up.

Once the phone is unlocked, the hacker can gain access to the owner’s Apple account, but only if two-factor authentication hasn’t been turned on. A hacker would be able to see the iPhone 5S’s owner’s email address and reset the password to take over the account. However, if the owner already performed a remote wipe, this wouldn’t be possible.

How do you feel about fingerprint sensor technology to enter smartphones? Are you on board or reluctant to give it a try? Let us know in the comments below.

Image: Mashable

Links
  1. ^ cat’s paw (mashable.com)
  2. ^ The Guardian (www.theguardian.com)
  3. ^ blog post (srlabs.de)

No comments:

Post a Comment

Search This Blog