Mobile users leave their fingerprints copy everywhere; including on the devices they uses. Fingerprints are not fit for secure local user authentication. Here's what would have to happen
- A thief would have to turn on Airplane Mode as soon as they steal the device. This is actually quite easy to do without a fingerprint — if the owner hasn't changed the default, the thief can access Airplane Mode via the Control Center on the lock screen. That disables all wireless connections, preventing the iPhone's owner from doing a remote wipe.
- After that, the hacker can work to get fingerprints off of the device and eventually log in. The video below shows how someone can create a fake fingerprint on a laminated sheet and later attached to one of their fingers. TouchID on the iPhone 5S, however, would only give the hacker three chances to enter before a passcode request pops up.
Once the phone is unlocked, the hacker can gain access to the owner's Apple account, but only if two-factor authentication hasn't been turned on. A hacker would be able to see the iPhone 5S's owner's email address and reset the password to take over the account. However, if the owner already performed a remote wipe, this wouldn't be possible.
Video: Mashable
No comments:
Post a Comment