Printed from http://www.electronista.com

Video shows how to bypass Touch ID, Activation Lock on iPhone 5s

updated 11:45 am EDT, Fri October 4, 2013

Airplane Mode, lack of warnings identified as soft spots

A new SRLabs video demonstrates one possible method of getting around both Touch ID and Activation Lock on a stolen iPhone 5s. The video points out that while Apple lets users locate and/or remotely wipe a device using the Find My iPhone app, a 5s can be set to Airplane Mode without unlocking if lockscreen access to Control Center is left enabled. Since Find My iPhone can only perform a wipe if a device is connected to the Internet, that may give a thief enough time to lift and mold a fingerprint to bypass Touch ID, and begin hijacking Apple, Google, and other online accounts.

Some people may keep the email account needed to reset an Apple ID password active on the device itself, allowing a thief to connect a 5s to the Internet long enough to complete the hijack process, but not long enough for a triggered remote wipe to take effect. If the thief is successful, he or she should be able to defeat Activation Lock, unless the true owner can somehow reclaim the Apple ID or find the phone first.

SRLabs suggests several things Apple could do to mitigate the problem. These include making Airplane Mode inaccessible from the lockscreen by default, and warning people not to keep a password reset email account active on a mobile device. The outfit also recommends that Find My iPhone be able to distinguish between temporary and permanent loss scenarios, in the latter case urging people to immediately revoke the device's credentials for email, social networks, calling/SMS, and anything else that might be relevant. Lastly, SRLabs asks Apple to avoid displaying the length of the PIN code a person has to enter, and/or whether a device has Touch ID active, and to force iOS to check for remote wipe commands before it fetches email.



By Electronista Staff

Comments

  1. jonn804

    Forum Regular

    Joined: 01-01-00

    A whole lot of "ifs" in this article. The iPhone is basically safe. Get over trying to break the security as you are not doing anyone a favor.

  1. Jeronimo2000

    Forum Regular

    Joined: 08-20-01

    "that may give a thief enough time to lift and mold a fingerprint" - sure, and that's such an easy thing to do. Didn't those German computer club guys have to admit that this wasn't quite as trivial as they originally claimed?

  1. aristotles

    Grizzled Veteran

    Joined: 07-16-04

    Which fingerprint? Remember that the sensor originally captures and stores a hash of the fingerprint and that the glass covering the sensor will not necessarily have a clear fingerprint present on the surface. It might be partial or smudged.

    You also don't know how the hash for the fingerprint is calculated. It could be taking a semi-three dimensional scan of the finger from several sides and then comparing that with the presented finger.

  1. TheMacMan

    Fresh-Faced Recruit

    Joined: 08-06-06

    Originally Posted by jonn804

    A whole lot of "ifs" in this article. The iPhone is basically safe. Get over trying to break the security as you are not doing anyone a favor.



    Agreed. I do agree though that Apple should turn off Control Center by default on the lock screen. That was the first thing I did.

  1. TheMacMan

    Fresh-Faced Recruit

    Joined: 08-06-06

    Originally Posted by aristotles

    Which fingerprint? Remember that the sensor originally captures and stores a hash of the fingerprint and that the glass covering the sensor will not necessarily have a clear fingerprint present on the surface. It might be partial or smudged.

    You also don't know how the hash for the fingerprint is calculated. It could be taking a semi-three dimensional scan of the finger from several sides and then comparing that with the presented finger.



    Good point. But a safe guess would be thumb or index finger. But like jonn804 points out, a whole lot of ifs.

  1. AndreiD

    Fresh-Faced Recruit

    Joined: 03-08-12

    I see a couple of problems:

    1. Control center HAS to be active on the lock screen. (IF)
    2. Victim logs in iCloud and uses Find my iPhone for remote wipe. Some don't even have iCloud accounts. (IF)
    3. Thief is lucky to get a FULL finger print OF THE EXACT FINGER needed to unlock it. Slim chances buddy. (IF)
    4. Thief is dumb enough to try to guess the 4 digit pass. Some iPhones are set up with conditional erase after 10 PIN attempts or even less (YES you can set it for 3 failed attempts). So in this stage the alleged thief might end the story again.
    5. The would-be thief (not scientist) has its own lab to create the "lucky" fingerprint in the perfect conditions to fool the Touch ID sensor. After that he has to nail it just right, the material to be correct to allow some sort of electricity to pass to the Touch ID.
    6. The victim HAS to have correlated email reset features with that apple ID. (IF)
    7. The victim HAS a gmail account also. (IF)
    8. The victim HASN'T got any other security features enabled on the social sites, like Facebook's SMS protection that will be sent on the number of the victim that by then he/she would have blocked the number by the carrier, or not (IF)

    In conclusion, as others said there are too many IFs and special conditions THAT are mandatory to be executed in the perfect timing and in the perfect conditions. Removing any condition from this list, especially the ones from the top, makes the 'hacking' a complete fail and the victim is safe par none phone.

    NOW considering that most thieves are low life scumbags and know little to nothing about computers/technology, let alone fingerprint spoofing and advanced techniques, and the fact that they know only that this phone is expensive, some willingly (happened to me personally) acting to sell the phone ASAP for 1/4 of the price (some gypsies).....makes this video a complete fairy tale and a theoretical exercise.

    Rest assured that Touch ID is a big improvement in security while at the same time simplifying the owner experience and authentication with the phone.

  1. qazwart

    Fresh-Faced Recruit

    Joined: 04-10-01

    There are a lot of issues with this video. One is that they simply go way too deep into their scenario. "The victim adds a snide remark" "The thief sends the victim's mother an email". This smacks of desperate distraction.

    However, even though most thieves don't have the sophistication to pull off such a scenario, they could possibly sell the stolen phone to someone who can.

    I doubt this is a major security threat to Apple, but Apple could take a few steps to stop such action. For example, Apple could refuse to send out a password reset if a device has been reported stolen until they can verify the wipe. Apple could limit the time you can use a password reset key to prevent someone from manually typing it in.

    Apple should also not allow phones to be turned off or to be placed into Airplane mode without an unlock code.

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    "Apple should also not allow phones to be turned off or to be placed into Airplane mode without an unlock code."

    The suggestion would be onerous as the only way to achieve either end. Perhaps a setting one might apply if they desire?

  1. Kees

    Junior Member

    Joined: 09-15-01

    Precisely, all this talk about how a fingerprint can be forged is bs to me. It's inconvenient to have to enter a password every time you pick up your phone. To the point where many don't set a lock key. Touch ID solves that.
    But Apple allowing a locked phone to be put into airplane mode from the lock screen is clearly a security issue and frankly a rather gross oversight.
    Just make that option unavailable from the lock screen and be done with it.
