iPhone Biometrics Spoofed Again, Expert Still Loves Touch ID

Last year, shortly after the launch of Touch ID, Apple’s smartphone fingerprint sensor on the iPhone 5S, Marc Rogers spoofed it. In a blog post at the time, Rogers – principal security researcher at Lookout – explained why he did it, how he did it and why the post-password solution still had a place in his good books.

A year later, we have been presented with two more iPhone models, each sporting a Touch ID sensor, and this time coming ready with a number of useful applications that can leverage a user’s fingerprint. Sure enough, Marc Rogers announced on the Lookout blog yesterday that he’s done it again, and he still thinks the fingerprint security on the iPhone is awesome.

“When the iPhone 6 came out the first thing I wanted to find out was whether or not there had been any changes to the TouchID sensor,” writes Rogers.

This was a concern on the minds of many identity management professionals considering that the increased range of Touch ID applications include the ability to make point of sale payments through the NFC powered mobile wallet, Apple Pay. No mention of improvement was made during the September 9 keynote, leaving the task of evaluating the security up to people like Rogers.

Using the same technique as last year, Rogers successfully spoofed his way past the iPhone 6’s sensor. Sadly, he reports that there is very little that suggests any kind of measurable security improvement. That’s not to say he didn’t find the process more difficult this time around: either due to higher resolution imaging or a larger scanning surface, the iPhone 6 models require a much higher quality fingerprint clone.

Rogers’ blog is a must read for those doubtful that consumer grade biometrics are an adequate password replacement for an iPhone’s lock screen.

“As it stands,” writes Rogers, “TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone.

It still can’t be denied that the lack of any significant Touch ID improvement is dissapointing. Though the sensor’s convenience and better than password security makes it a boon to consumers (especially with the reporting of lower false rejection rates), had Apple made a point of bolstering Touch ID this time around it would have gone a long way in opening up applications that require higher levels of assurance.

Now that Apple has competition in the smartphone biometrics space, it will be interesting to see if other OEMs that have invested in biometric security make a stronger point to offer improved security.

—

(Source: Mobile ID World)

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases.

Learn more: www.tech5.ai

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

HID powers the trusted identities of the world’s people, places and things. Our trusted identity solutions give people convenient and secure access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people use HID products to navigate their everyday lives, and billions of things are connected through HID technology. https://www.hidglobal.com/

As the world moves to a mobile-first economy, businesses need to modernize how they acquire, engage with, and enable consumers. Prove’s phone-centric identity tokenization and passive cryptographic authentication solutions reduce friction, enhance security and privacy across all digital channels, and accelerate revenues while reducing operating expenses and fraud losses. Over 1,000 enterprise customers use Prove’s platform to process 20 billion customer requests annually across industries including banking, lending, healthcare, gaming, crypto, e-commerce, marketplaces, and payments. https://www.prove.com/

Footer

Follow Us