Hackers Bypass iOS7 Lockscreen with Lifted Fingerprints and/or Siri Cheat

[dgstorm]

Like with every new piece of technology, sometimes there are just a few kinks to be worked out. Some security researchers have found two different ways to hack through the security on the new iOS7 on an iPhone 5S. We never enjoy sharing negative stuff about our favorite tech, but it's our duty to report this stuff, just to make sure you are aware.

In the video above, the benevolent hackers figured out a crafty way to trick Siri into bypassing the unlock screen on an iOS7 equipped device. This is the same vulnerability which has been found in iOS6 so it basically means that Apple still has their work cut out for them. Here's a brief quote with a description of what the hack is capable of doing:

By commanding Siri to do various tasks, the researchers were able to post to sites like Facebook and Twitter; send messages and email; make phone calls; and collect such information as calling history, contacts, and saved Maps locations all without having to unlock the phone.

There's no word yet from Apple on a fix for this issue, but we will keep you updated.

In the second video, a different team of security researchers were able to unlock the new iPhone 5S by using "lifted" fingerprints on the new TouchID Sensor. The method for this particular hack was rather complicated. Here's a quote with the description,

First you need some kind of colored powder or superglue to lift the fingerprint. Then you have to scan the fingerprint, invert it and print it with a resolution of 1200dpi or more onto a transparent sheet. After that, you build your fake finger by smearing pink latex milk or white wood glue into the pattern that the toner created onto the transparent sheet and wait for it to set. Finally, the CCC writes, “the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone.” This method should work for virtually every fingerprint scanner on the market today.

It should be noted that the second hack, using fake fingerprints, is not something that an average bad guy would likely go to the trouble to try. If you have someone trying to lift your fingerprints to break into your iPhone, then you likely have bigger problems to deal with than anything they can get from your device.

Source: TechCrunch

 

[Skull One]

I read somewhere that they needed a 2400 DPI copy of the fingerprint for it to work. 1200 DPI would be easy to reproduce, 2400 would be a a little harder. Going to have to watch how this unfolds.

 

[ardchoille]

I hadn't planned on using the fingerprint tech anyway. I'm hoping it isn't mandatory.

 

[Skull One]

I hadn't planned on using the fingerprint tech anyway. I'm hoping it isn't mandatory.

It is off by default and you have to do two things for it to turn on. So it can't even be turned on by accident.

 

[ardchoille]

It is off by default and you have to do two things for it to turn on. So it can't even be turned on by accident.

That's a relief. Thank you for that.