The Hacker News

on Sunday, 6 October 2013
 

 


iPhone Fingerprint scanner hacked again; Flaw allows attacker to hijack Apple ID
10/6/2013 4:26:00 PM

German security firm SRL claims that a vulnerability in the Touch ID fingerprint scanner and iCloud allows a hacker to access a locked device and potentially gain control over the owner's Apple ID.
SRL points out that Airplane Mode can be enabled on a stolen phone from the lockscreen, which turns off wireless connectivity and so defeats the remote wipe facility.

Because Airplane Mode can be accessed without a passcode, this could be a major vulnerability when it comes to physically stolen devices.

In a video demonstration, they point out that Apple lets users locate and remotely wipe a device using the Find My iPhone app.

However, Find My iPhone can only perform a wipe if the device is connected to the Internet. Because Airplane Mode disables Internet connectivity, a thief may have enough time to get fingerprints off the device and eventually log in. An attacker can create a fake fingerprint on a laminated sheet and later attach it to one of their fingers, as already explained by another researcher.
SRLabs suggests several things Apple could do to mitigate the problem. These include making Airplane Mode inaccessible from the lockscreen by default, and warning people not to keep a password reset email account active on a mobile device.

Author

Wang Wei has been a security consultant for the government, financial securities and banks, and works as a researcher with The Hacker News. He is also a renowned speaker on the subject of 'Exploit Writing'. He is a malware analyst, freelance penetration tester, and cloud computing, mobile application and software developer.
