It didn’t take long for researchers to figure out a way to hack the iPhone 5s fingerprint readers, replicating the smartphone owners fingerprint before copying it with a laser printer and using the copy to unlock the device. Now German security company SRL Labs is arguing that security flaws in both Touch ID and iOS 7 could lead to an increase in stolen iPhones and even the possibility of identity theft.
In a new video, the researchers detail how a thief could use the same Touch ID hack to break into an iPhone 5s and take over the owner’s email, banking and social media accounts. After quickly switching the device to Airplane Mode by accessing the Control Center from the lockscreen, it’s easy to block Apple from wiping the device remotely while a fingerprint found on the handset is replicated.
SRL then demonstrates how the iPhone’s iCloud account can be compromised by requesting a password reset to be emailed to the smartphone owner’s email account. The thief can actually briefly turn off Airplane Mode to download the new email and then shut off the signal again before Apple’s command to wipe the device goes through. With the password changed, the thief then allows the device to reset before entering the new password and quickly gaining access to all information stored on the device.
The video ends with a list of ways Apple can improve the iPhone 5s’ security. An easy fix would be to modify the Control Center so it does not offer an Airplane Mode option when accessed from the lockscreen, but Apple should do more, and should warn its customers not to store password-reset email accounts on their device and to revoke all privileges on the handset remotely as soon as the handset is stolen.