Security Research Labs, a group of Berlin-based security researchers, have uncovered a bug in the new iPhone that it claims will enable hackers to overcome a safeguard allowing users to remotely wipe stolen or lost phones.
More specifically, the team has discovered a method for bypassing the handset’s security features. It starts with activating Airplane mode, which gives potential criminals time to create fake fingerprints and reset passwords….
“A German security company has uncovered a bug in the new iPhone’s software that it said enables hackers to overcome a safeguard allowing users to remotely wipe stolen or lost phones.
Berlin’s Security Research Labs, known as SRL, said on Thursday that the vulnerability could potentially give criminals time to break into the Apple Inc (AAPL.O) phones, gain complete control of data, access email accounts and then potentially take over the user’s bank accounts.
The research firm also said it has figured out an easier way to crack the iPhone fingerprint scanner than has been demonstrated thus far.”
The team details its exploits in two videos. Here’s the first:
The Touch ID workaround is very similar to the one demonstrated by the Chaos Computer Club last week. And although the group claims it’s easier to pull off, it still requires extraordinary tools, skills, and time with the device.
If your phone is stolen, however, it would give would-be criminals time to either learn these special skills, or find someone who already has them. This second video shows the group skirting security after “stealing” an iPhone 5s:
This, I think, is an actual problem. Folks have looked at the Touch ID and Activation Lock features as ways to thwart iPhone thefts, but it looks like any criminal with an Internet connection could figure out how to get around them.
Of course, Apple has yet to comment on any of this, but it’ll be interesting to see what it says. A handful of security bugs have already been discovered in iOS 7, including one on the Lock screen, which was patched in the iOS 7.0.2 update.