September 26, 2014 -
The same TouchID fingerprint spoofing tactic that allows fraudsters to gain access to Apple’s iPhone 5s can also be used with the new iPhone 6, according to a report by The Register.
Marc Rogers, a researcher for mobile security firm Lookout, recently demonstrated a procedure in which you can lift a fingerprint from a shiny surface and recreate it using glue, just like the iPhone 5S.
Although the Chaos Computer Club demonstrated this same spoofing technique against the iPhone 5s a year ago, the basic principles were first applied to a Gummi Bear attack used against fingerprint sensors, 12 years ago.
Some security researchers, including Rogers, think that Apple could have made a stronger effort to protect itself from such attacks. That argument is particularly strong when considering that AuthenTec – the company Apple acquired in 2012 to get into biometrics — was developing the technology to map the veins of fingers, as opposed to just fingerprints.
“AuthenTec, the company Apple bought to make Touch ID, was working on technology that instead of just photographing the finger tried to scan structures below the surface,” said Rogers.
AuthenTec’s patent for “Finger sensor using polarized light and associated methods” shows the direction of the firm’s research at the time of its acquisition.
However, using more advanced sub-surface fingerprint or vein scanning would have increased production costs for the iPhone 5S and 6, but Rogers believes that Apple could have still made the smartphones affordable.