The iPhone 6 can be hacked the same way as the iPhone 5S

Apple’s new iPhone 6 contains the same vulnerability that hackers can take advantage of what was in the previous version of the smartphone. It’s not easy but it is possible. As you might remember the iPhone 5S Touch ID was bypassed with the help of fake fingerprint created with a high resolution camera and laser printer.

So, let’s see how we can trick the new Touch ID used in iPhone 6 and find out if there are any improvements since the previous version.

Touch ID is the technology used by Apple since the iPhone 5S and it allows to unlock the phone and execute a series of actions such as purchases of application in Apple Store with user’s fingerprint. We will try to apply the technique described by Tsutomu Matsumoto in his case study “The Impact of Artificial “Gummy” Fingers on Fingerprint Systems”.

iPhone 6 Touch ID bypass process

1. We need a high-quality photo of the fingerprint, which is used to unlock the iPhone. Of course we need to be stealthy and do it without the knowledge of the owner 🙂
2. With the help of photo editors like Photoshop or Gimp we need to detach the fingerprint from the rest of the image and retouch if needed. Nothing difficult so far
3. Print the fingerprint image on the translucent plastic using black toner
4. Place the plastic with the fingerprint on the light-sensitive plate used to manufacture printed circuit boards and irradiate it with ultraviolet radiation. Extremely simple, isn’t it?
5. Put irradiated plate into a bath of Sodium carbonate monohydrate or potassium carbonate. You store these substances in your locker aren’t you?
6. Place the fingerprints into the plate and place it in the correct solution
7. Cover the plate with a graphite spray
8. Cover the plate with joiner’s glue, let it dry and then clean the plate from the glue
9. The most important step: steal the iPhone 6 so the victim doesn’t suspect it, otherwise he can remotely lock the smartphone and all of your work will go down the drain
10. Unlock the device with your plate. If you make a fingerprint inaccurately, after three attempts the phone will ask for the password
11. That’s all! Quite simple, isn’t it?

Well to be serious, the technology to create fake fingerprint is quite complicated and almost not available for ordinary pilferers. Touch ID is truly quite reliable protection for your iPhone, in any case, it is more reliable than the password. However, the new Touch ID used on iPhone 6 is only a bit improved over the predecessor, it has significant structural differences, but the functionality remains the same. It also can be hacked by good old technique described above, but it requires a clear fingerprint.

Hackers will now have more reasons to hack new devices since Apple introduced their own payment system Apple Pay where users with the help of Touch ID can pay for material goods and services. In this regard we believe that for people who are concerned about the level of security in the transaction, Apple could add some additional settings, such as the possibility of two-factor authentication when working with Apple Pay.