Click to Skip Ad
Closing in...

Hacking the iPhone 6’s Touch ID is harder, but still possible

Published Sep 24th, 2014 7:30AM EDT
iPhone 6 and iPhone 6 Plus

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Soon after Apple unveiled the iPhone 5s last year, the first of its iPhones to sport a fingerprint scanner embedded in the Home button, researchers proved the security measure could be bypassed as long as an attacker managed to somehow replicate the fingerprints of an iPhone 5s owner. Marc Rogers, one of the same people who hacked Touch ID last year, is now back with a similar trick that works on both the iPhone 6 and iPhone 6 Plus, even though both devices sport better fingerprint scanners than the iPhone 5s.

FROM EARLIER: iPhone 6 review

Rogers created fake fingerprints using the same technique as last year and tested them against the iPhone 6’s fingerprint scanner. The fake fingerprints still managed to fool the sensor into unlocking the device, but Rogers says the fake fingerprint has to be of great quality to work.

“Another sign that the sensor may have improved is the fact that slightly “dodgy” fake fingerprints that fooled the iPhone 5S did not fool the iPhone 6,” he wrote. “To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it. None of these are challenging details for a researcher in the lab, but are likely to make it a little bit harder for a criminal to just ‘lift your fingerprint’ from the phone’s glossy surface and unlock the device.”

In other words, an attacker using this particular technique to break into an iPhone should first be able to pick up the targets fingerprints, then guess which one is used to unlock the device, and then create a great fake copy to fool Apple’s sensor. So in most cases, this might prove to be too much for your average criminal.

“The fact that Apple has tweaked the Touch ID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. As it stands, Touch ID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone,” Rogers said, adding that Apple should have “really tighten up the security of Touch ID” especially because it’ll now also protect Apple Pay transactions.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.