Security researchers detail new Touch ID and iOS 7 workarounds

Oct 4, 2013


Security Research Labs, a group of Berlin-based security researchers, has uncovered a bug in the new iPhone that it claims will enable hackers to overcome a safeguard allowing users to remotely wipe stolen or lost phones.

More specifically, the team has discovered a method for bypassing the handset’s security features. It starts with activating Airplane mode, which gives potential criminals time to create fake fingerprints and reset passwords….

Reuters points to the group’s work (via MacRumors):

“A German security company has uncovered a bug in the new iPhone’s software that it said enables hackers to overcome a safeguard allowing users to remotely wipe stolen or lost phones.

Berlin’s Security Research Labs, known as SRL, said on Thursday that the vulnerability could potentially give criminals time to break into the Apple Inc (AAPL.O) phones, gain complete control of data, access email accounts and then potentially take over the user’s bank accounts.

The research firm also said it has figured out an easier way to crack the iPhone fingerprint scanner than has been demonstrated thus far.”

The team details its exploits in two videos. Here’s the first:

The Touch ID workaround is very similar to the one demonstrated by the Chaos Computer Club last week. And although the group claims it’s easier to pull off, it still requires extraordinary tools, skills, and time with the device.

If your phone is stolen, however, it would give would-be criminals time to either learn these special skills, or find someone who already has them. This second video shows the group skirting security after “stealing” an iPhone 5s:

This, I think, is an actual problem. Folks have looked at the Touch ID and Activation Lock features as ways to thwart iPhone thefts, but it looks like any criminal with an Internet connection could figure out how to get around them.

Of course, Apple has yet to comment on any of this, but it’ll be interesting to see what it says. A handful of security bugs have already been discovered in iOS 7, including one on the Lock screen, which was patched in the iOS 7.0.2 update.

  • Taf Khan

    Not good, although the majority of petty criminals probably don’t have the intelligence to pull this off. Let’s hope Apple patch this soon.

    • jocastro

      you would be surprised what people can do these days,

    • NEWYORKMINUTE10

      patch this? wtf u can’t be so ignorant

      • Taf Khan

        Remove the option for Airplane mode whilst the phone is locked. Take it away, simple! A security update from Apple once more to resolve.

        As for the fingerprint method, I suggest you read the comments on last week’s article, it’s old news, if you’re stupid enough to let someone take a pic of your finger and then your phone…

      • NEWYORKMINUTE10

        the dumb one is you, thinking that it’s secure because apple said so. it’s not secure and is only being used for the us government to spy on other countries

        and I’m not buying 5s so your argument is invalid

      • Taf Khan

        My UK government doesn’t spy on me. Not everyone lives under the Obama administration.

        Would you allow anyone access to your bank card or pin code??? Well don’t give them fingerprints access and iPhone 5s either. One or the other is bad enough, allowing theft of both is indeed dumb…

      • Dao Sasone

        True, but all the info you send on your devices goes through their satellite, we can’t prove that they’re not intercepting the data before it gets passed on.

      • Dao Sasone

        This is what I’ve been tryna tell everyone. You can’t trust the government anymore. Too many lies and scandals.

      • John

        You have to wonder how screwed America is that they are happy to spend more time spying on their own people than they are willing to spend time on fixing the economy. How messed up is your country?

        Most first world countries aren’t like that.

      • NEWYORKMINUTE10

        America is. Investing billions in NSA just to be able to spy and store large amount of user private data.

      • MehLaMeh

        Any proof that the gov’t does use it to spy other countries? Sources? You think that the gov’t uses it to spy on others because you said so? Your argument is invalid.

    • @dongiuj

      “majority of petty criminals probably don’t have the intelligence to pull this off”
      And then they come here and have all the info they need.
      Twat

      • Taf Khan

        Are you an Example of the average petty criminal… Care to demonstrate your skills?

        The average petty criminal is not very SMART, they are more of an opportunist thief with about as much intelligence as you, Clearly that’s not very much.

      • @dongiuj

        You’ve just proved how unintelligent you are. Nice one.

  • jocastro

    shits a fail.. glad i didn’t get the phone, waiting till iPhone 6

    • Question

      It isn’t really a fail, it’s just that when something is a top hit and is selling good then people out there try to find flaws to prove nothing is perfect or they just hate the company lol

      • cybersat

        Still defend your god.

  • JS3

    damn that second video is legit! that’s crazy lol… NICE WORK hackers! well done, well done!

  • Gerf

    Disable control center on lockscreen! Problem solved?

    • EpicFacepalm

      The unordinary highly skilled thief will remove the SIM or turn off the phone for later

      • Dave

        If they turn the phone off, then they would have to use the passcode upon restarting. Finger prints would be useless.

      • EpicFacepalm

        I mean
        1. Steal the phone
        2. Turn off the phone
        3. Go to the HQ
        4. Remove the SIM
        5. Turn on the phone
        6. Voila!

        Lol, still I can’t imagine this can be done

      • BenjaminDews

        Still need a pin or a fingerprint. It’s software based, not tied to the SIM card.
        Then trying to restore it would not work due to activation lock.

      • EpicFacepalm

        Have you watched the video? Step 6 is doing the same things on Video #2

        For the last time, the problem is not the control center on the lockscreen. You can achieve the same thing by turning off the phone, plain and simple. That’s my point.

        It’s also unlikely that you can capture the target’s fingerprint when you touch the screen. Better hard reboot and then force turn off.

        Still, this seems nonsense to me. When did people start to learn all of these to steal an iPhone? Bullshit…

      • Víctor Moreno Escudero

        put superglue on the nano-SIM holder (just kidding… or not, who knows?)

  • Derek

    Well damn. These guys tore that shit up. Well I’m on an iPhone 4. Waiting for iPhone 6

  • RarestName

    To all the people whining about quick toggles on the lock screen, this is what happens. I’ve said it before and I thought that Apple wouldn’t do that because of the Airplane Mode access, but I was surprised when they actually implemented it.

  • Mac_Guy

    Honestly at first the TouchID seemed like a feature for security but after using it for several weeks with the iP5S, it’s just for convenience.

    I still think Apple should apply some of those security improvements explained in the second video but I really can’t see a criminal going through the trouble of making a fake fingerprint. Will they really go through all that trouble and buy that equipment to pull it off? Would they go the extra mile to change my Apple ID and Gmail password? Seems a little far fetched but I understand the concern.

    All that for an iPhone? Make your life easy then and steal a flagship Android device like the Note 3 or S5 when it comes out :P

    • Rowan09

      The iPhone has the highest resale value so people would be happy to steal one. Most thieves won’t know how to do this.

      • Mac_Guy

        Trust me I know I used to work at a pawn shop. iPhones were the most common phones coming in but you’d be surprised that the majority of the time they wouldn’t even restore the phone…. And the ones who did explained how they had to search on YouTube to learn. The majority of criminals are not the smartest individuals from my experience.

      • Rowan09

        That’s true but people usually steal or find phones to make a buck not to get personal information. All these hacks are for obtaining personal information which the common thief isn’t looking to do. I know what people do but creating a fake fingerprint is different than putting a phone in DFU mode and doing a restore.

  • Lance Baker

    Perhaps requiring the password or TouchID authentication to turn on airplane mode from the lockscreen could be an option?

    • Rowan09

      I agree, that seems like it makes the most sense. No matter what Apple does there will always be a workaround, all these things are just a deterrent just like a car alarm. I’ve said it before that having access to quick toggles from the lock screen just like having quick reply will cause security issues.

  • John Sklikas

    That was actually scary, although it’s not convenient I am now going to disable Control Center in the lockscreen unless Apple makes a feature where the passcode would be required for the activation of Airplane Mode from the lockscreen (because for me Control Center in the lockscreen is only useful for flashlight). Heck, when an iOS 7 jailbreak comes, I will create a tweak asking for passcode, not Touch ID when the Control Center Airplane mode toggle is pressed. Till then, no Control Center in my lockscreen!

    • http://www.ideaprison.com/ ideaprison

      Jailbreak can fix Apple’s flaws, like it always has!

      • BoardDWorld

        So true, lol

    • John Sklikas

      I mean my wish isn’t that amazing and improbable either because Siri already asks you to enter your Passcode when asking, turn Airplane Mode on in the lockscreen! (Sorry for replying to myself but I wanted to post this as a continuation of my previous comment)

  • MyFlammingSkull

    All other phones were easy how come the iPhone had many steps?

  • Hmmm

    Dunno but I feel like this is a thing that could happen. There’s a lot of steps but it doesn’t seem TOO complicated so I don’t consider it a stretch.

  • http://www.ideaprison.com/ ideaprison

    Easier because of touchID makes no sense, still Apple should take heed to this and come up with some more improved methods to keep our phones more secure.

  • OfcrFriendly

    Apple should have removed the option to enable Airplane mode via the lock screen. That was a security flaw from the get go.

    • Lance Baker

      Agreed. Seems obvious, too. I think they will have no choice but to change that…

  • Carmelo Garcia

    that’s why I don’t buy the latest iPhones, too many bugs!!

    • MehLaMeh

      Every phone firmware/OS/application has its fair share of bugs, FYI. That’s a given characteristic of all software; they are not perfect.

    • iGOD

      Apple wouldn’t do that to their fans, you should ask iFans, they would say only Android or Windows Phone have bugs and malware. Also Apple plastic phone is way better than Samsung plastic phone.

  • Vikram Finavker

    What about apple two step verification? in that case one needs two things all the time from following to reset password….
    Your Apple ID password
    Access to one of your trusted devices
    Your Recovery Key
    isn’t this secure?

  • NEWYORKMINUTE10

    there you got, android had the fingerprint sensor first

    • MehLaMeh

      Some old computers had them already before Android…

      • NEWYORKMINUTE10

        I’m talking phones now, computers had 64bit for a long time also

  • Al

    I’ve never had a passcode on my iPhone and I’ve known friends who never had a passcode on their iPhone up until Apple announced TouchID. I’ve heard a percentage of 50% that doesn’t use passcode on their iPhone.

    Although TouchID has flaws, it’s the benefit of having an extra level of effort on a thief’s part in order to unlock the iPhone. I remember Sabastian had a piece he took from an article… A part of it summed up: if people want to improve security on a phone, just refuse to even have a phone.

    It’s Apple taking measures to improve on security, look how long it’s taking evaders to jailbreak iDevices. Apple will take even better measures over time, this is just a step in the right direction..

    • diggitydang

      I was just going to post the exact same comment! Agree 100%… I was part of the 50% that didn’t use a passcode, so using Touch ID, while not without its flaws as shown above, is far better than I was a few weeks ago.

      I was also going to say that we can turn off Control Centre on the lockscreen until Apple has a fix (i.e. making Airplane Mode inaccessible from the lockscreen), but I’m sure people would rather have that access than to turn it off. People are fickle though – on iOS6, we complained that Apple needs to add more features and functionality, while the counter-argument was that Apple does it to keep users information secure… we heard everything from the fact that Apple is a walled garden and treats users as babies and that they should treat their customers like adults. Introduce iOS7, which added Control Centre, one of the highest demand features that the market insisted on (me being one of them!) – I LOVE that I now have quick access to my settings toggles and I love the lockscreen accessibility (I used to Jailbreak for this access)… but go figure, an hour long, comprehensive process by a skilled thief/hacker and we are so quick to throw Apple to the fire saying that they should take better care of our information.

      I know why Steve Jobs used to say that you can’t listen to the market because they don’t know what they want…

  • Patrick

    top video is a standard android fan!!, normal people don’t have these equipments in their home and some robber probably don’t even know where to get these or even spend money on them, so its just a stupid video

    • BoardDWorld

      I love Apple and the way they have implemented it probably won’t be matched for years to come, but the scanner itself is sub standard. A person with an IQ of 80+ would be able to easily follow these tasks, & who said anything about thieves being dumb?

      I’m more interested in how this works when it is only meant to scan the live skin layer?

  • Steve Jobs

    is that video for teaching the thief how to steal my iphone and use it !!!

  • felixtaf

    Need any Explanation???

  • Jonathan

    So, how about I just keep my iPhone fingerprint free on the screen and that guy has no way of accessing it?

    • Dave

      Use a finger that doesn’t touch the phone often. When you use the phone, odds are you will click the home button and mess up the fingerprint used. Not some big ass print like the video shows.

      • Jonathan

        That’s actually a really good idea.. I think I’ll do that, thanks.

      • http://www.ideaprison.com/ ideaprison

        Or use the tip of your nose.

      • Jonathan

        I’ll pass. Besides, it wouldn’t work.

  • http://mrmodzix.yolasite.com/ Haiko Semonian (@MrModZix)

    Quoted from RobHague, on YouTube, 5 hours ago:

    “So ‘easy’ indeed. Ignoring the convoluted steps involved. I mean it also presumes a perfect fingerprint on a device. How about you attempt this on a device that’s been used? Covered in overlapping/smudged fingerprints, and from various fingers. Pick out a single print from that, good enough to use.”

  • Víctor Moreno Escudero

    Apple: If you want to change some setting with the iPhone locked, just ask for the finger (5s) or the password (all the rest)

  • mav3rick

    At least now these hacks are not called “ridiculous”… Still, full of security flaws, but most are just backing them up…

  • Siaka Togola

    This is Bullshit. This Device is as safe as it can be. Of course if you leave such fingerprints around they can be picked up. That is beside the point which is that: who goes through all that for a stolen phone?! First of all the person has to follow you day and night to get a print of your finger, then he/she has got to get it (not that there is anyone looking or there even whatsoever). Thieves don’t go through all that for a phone, and I don’t think people that can do what is demonstrated here will waste their time stealing anyways.

    • http://www.ideaprison.com/ ideaprison

      Right but it would still be a good solution to not allow airplane mode without a password/unlock. Would solve most of this, the point wasn’t just about the fingerprint (which I find just as unlikely)

      • Siaka Togola

        Indeed that will make this easier.

    • BozzyB

      The fingerprint is right on the phone’s display!

      • Siaka Togola

        No it’s not. You have to have a flawless fingerprint for the sensor to be able to read it. That requires both the display to be really clean, and a purposely greasy finger. Simply put, the fingerprints on your display are not clear enough, and if they are whoever steals your devices is going to make them unreadable, since there is no way for he/she to not touch the display while, you know, stealing it.

  • Nick Jones

    If your phone gets stolen, wouldn’t it be easier to change the password to account before they take your fingerprint and make one for bypassing the security lol

  • Jerwyn Feria

    Easy fix. Just turn off access command center from lockscreen. Simple

  • ilikepear

    TouchID is a convenience to passcode instead of security when it comes to lockscreen. (You can enter passcode if your fingerprint fails you). The final and only line of defense is still your Apple ID password and passcode.

    You have a better chance cracking the 4 digit code or Apple ID than trying to crack the fingerprint lol.

  • John

    It’s an article written by one news paper, because it’s on the internet it MUST be real, right?

    Let me ask the same question @mehlameh:disqus asked you… Do YOU have proof it happened? I am assuming you don’t.

    • NEWYORKMINUTE10

      Yeah, Snowden made it public u dumb ignorant. Same question as I asked the previous, been living under the rock?

      • John

        Dumb arse, gives your comments PLENTY of creditability, doesn’t Mr. “I hide behind a mystery name because I’m a gutless individual.”

      • NEWYORKMINUTE10

        Wtf u talking about now? Go to sleep drug dealer