Further questions have been raised about the viability of the iPhone 5S’s fingerprint scanner, after research found that it was possible to photograph a fingerprint on a iPhone 4S, print it onto film and use it to access the new device.
According to research by Germany’s Security Research Labs (SRL), it is possible to photo an iPhone 4s, and use the spoofed fingerprint to unlock a Thinkpad laptop, a Fujitsu smartphone and an iPhone 5s. In a video they took a photo of the fingerprint and print it on translucent paper, from which a cover mould is made and used to access the 5s.
The researchers said: “The iPhone 5s’s fingerprint sensor does not only appear to provide no additional protection, its use even undermines other security mechanisms.
“Fingerprint sensors still have a strong protection proposition: To provide a second (and third) authentication factor in remotely-executed transactions, such as authorising money transfers.
“An attacker would need to get access to three credentials: the banking password, the fingerprint sensor that stores an authentication certificate and a spoof of the fingerprint that activates this certificate. For the most common miscreant, remote attackers, the latter two should be out of reach.”
Commenting, Wieland Alge, vice president and general manager for EMEA at Barracuda networks, said: “iPhone’s Touch ID is the first wave of devices using fingerprint recognition and it will be increasingly used by all kinds of applications. In light of these increasing security concerns, cyber security must be a number one priority for every business, as these devices will shortly enter the workplace.”
