Home Apple’s Touch ID Fingerprint Scanner Is Still Hackable, But Don’t Panic

Apple’s Touch ID Fingerprint Scanner Is Still Hackable, But Don’t Panic

For the second time in two iPhone releases, mobile-security firm Lookout has tested and bested the security of Touch ID.

Touch ID lets users unlock the iPhone 5S, iPhone 6, and iPhone 6 Plus just by putting their fingerprint over a sensor on the home button. By requiring a fingerprint to unlock the device and make purchases within the App Store, with Apple Pay, or through third-party developers, Apple is trying to make your data and information more secure.

So what happens if it’s hacked?

Lookout’s principal security researcher Marc Rogers hacked Touch ID on the 5S last year, and now he’s done it again. Through a CSI-like process, he was able to unlock an iPhone 6 using a fake fingerprint made of glue.

With such a fingerprint facsimile in hand, an attacker could theoretically take over someone’s iPhone to make purchases or steal the owner’s photographs, email, texts or other personal information. It sounds like a plot from a prime-time crime drama—and so it’s probably only a matter of time until iPhone fingerprint hacks hit the big screen.

While the thought of someone accessing your phone with a copied fingerprint might make you uncomfortable, don’t worry. Accessing a device the way Rogers did takes significant skill, time and effort. And, as we reported last year, a malicious attacker can’t use a finger that’s, well, detached from your body.

Rogers says consumers shouldn’t worry too much about the potential for duping the system.

“I don’t see this to be a risk to consumers in any way because I don’t think criminals are sophisticated enough,” Rogers said in an email interview. “It is difficult to make these fingerprints—think of Touch ID as being the equivalent of a door lock. It’s there to stop the average criminal from getting access, or in the case of Touch ID, claiming they are you.”

Not only does a potential hacker need a clear print from their target that can be lifted by using super glue fumes and fingerprint powder, they will also have to get access to lab equipment to photograph, print, and then cast the fingerprint using chemicals and smearing it with glue. Unless you have access to a crime laboratory, the equipment is prohibitively expensive.

Through the experiment, Rogers discovered that there’s virtually no measurable improvement in the fingerprint sensors between the iPhone 5S and the iPhone 6, except that he got fewer “false negatives,” on the iPhone 6, meaning the reading was clearer.

Even though Rogers is impressed with the technology, he says Apple could do more to keep devices secure. Some improvements, he says, could include limits on the number of unlocking attempts a device will allow, a fallback to a passcode when the device hasn’t been used for a specific amount of time, and “best practices” suggested by Apple which may include using different fingers for different authentication.

“I was hoping to see improvements in the Touch ID sensor that show Apple is working to come up with a solution that cannot be fooled as easily,” he said. “However, while I can’t say Apple isn’t working on this, I don’t see any significant signs of improvement in this version despite the fact that it is now going to be used for payments.”

Lead photo by Selena Larson for ReadWrite; iPhone 6 and iPhone 5S image courtesy of Lookout

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.