Apple’s Touch ID technology introduced with the iPhone 5S and continued on iPhone 6 is still vulnerable to the year-old fake fingerprint hack, new reports have claimed.
Marc Rogers of Lookout Security has revealed that Touch ID on iPhone 6 and iPhone 6 Plus haven’t been improved to defend against the fake fingerprint attacks. The practical aspects of the hack are definitely going against the hack; however, the technique does provide a theoretical look at how fingerprint systems are vulnerable to hacks in some situations.
Rogers tried the same technique used in the iPhone 5S Touch ID hack and it worked this time too. The scanner on the iPhone 6 is a bit improved and supports high resolution scanning making it difficult to gain access to a device even if there are small differences. Even though it works when the fingerprint is exactly matched, only a sophisticated hacker will be able to clone a sample as it requires special tools.
The real concern is that just a replica of the fingerprint is enough to gain access to the data stored and the device prompts the user to enter the PIN only if the fingerprint is incorrectly tried for more than five times. Although it does not pose a serious threat to the safety for now, the real risk comes in when the user pays using Apple Pay which will soon be activated.
The Apple Pay system uses NFC to aid the user in making payments at brick and mortar stores using their iPhones. As there is no prompt for the PIN, anyone who can fake a fingerprint will be able to make payments and there are also possibilities of targeted attacks like this.
Apple Pay is expected to hit the devices next month in an update.
