The Touch ID fingerprint reader on the iPhone 6 can be fooled using fake fingerprints - the same trick that unlocks the iPhone 5S - a security expert claims. Security on the Touch ID fingerprint reader has been tightened, but only marginally, said Marc Rogers, chief security researcher at Lookout Mobile Security.
Rogers had previously used the fake fingerprints to fool the iPhone 5s. The same technique was enough to fool the new iPhone 6 model.
He said here are no additional settings to help users tighten the security such as the ability to set a timeout for TouchID after which a passcode must be entered. In fact, it appears that the biggest change to the new sensor is that it seems to be much more sensitive, which is made possible by a higher resolution scanning part.
Another sign that the sensor may have improved is the fact that slightly "dodgy" fake fingerprints that fooled the iPhone 5S did not fool the iPhone 6.
"To fool the iPhone 6 you need to make sure your fingerprint clone is clear, correctly proportioned, correctly positioned, and thick enough to prevent your real fingerprint coming through to confuse it. None of these are challenging details for a researcher in the lab, but are likely to make it a little bit harder for a criminal to just "lift your fingerprint" from the phone’s glossy surface and unlock the device," Rogers said.
The fact that Apple has tweaked the TouchID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. "As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone," he said. But Apple intents to widen its usage beyond into the realm of payments.
Apple did not respond to a request for comment.