Berlin-based Security Research Labs said the workaround buys hackers enough time to compromise a device and tap personal information that could be useful for ID theft or financial fraud. They could also register the device to another account.
Ben Schlabs, an SRL project manager in biometric security, shows in a video that by putting an iPhone 5S on airplane mode, it cuts off the handset’s connection with the rest of the world. From there, a hacker has time to create a "fake finger" to get past Touch ID, which is the new iPhone’s biometric fingerprint sensor.
That particular hack surfaced in late September. Germany's Chaos Computer Club, led by “Star Bug,” said that the increased security built into Apple's Touch ID involves little more than a higher resolution than the majority of fingerprint sensors.
The process uses everyday materials that many people already have on and or can easily obtain. "First, the fingerprint of the enrolled user is photographed with 2,400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1,200 dpi onto transparent sheet with a thick toner setting," explained CCC. After that, hackers simply make a mold of the fingerprint using pink latex milk or white woodglue and apply it to the sensor.
For his part, Schlabs replicated the process, and once in, looked up the user's email address and then went through the “reset password” process from a regular computer. Then, he flipped airplane mode off just long enough to download the confirmation email via the phone, thus going on to reset the password. He did the same for the Apple account as well, thus hijacking the phone from the owner’s control.
"Once you have access to the email, you can engage in total online identity theft. You can get bank credentials or anything else," Schlabs told Reuters.
SRL said it has shared its research with Apple's security team.
There are ways to protect against the vulnerability, Schlabs said, including setting the phone to prevent airplane mode from being activated when devices are locked and implementing two-factor authentication.