Being the leading technology brand can have its downsides. And if you donât believe it, ask Apple. Every time the firm from Cupertino introduces a new product, the same thing happens: there is great anticipation, with seemingly half the world awaiting, long queues of tech disciples… and an army of people looking for bugs in the new devices.
In the end, vulnerabilities emerge and obviously their impact is far greater than with other brands (especially if it is a new device). Apple has already suffered a few embarrassing errors discovered by users. You donât have to go too far back to see: the aluminum case of the iPhone 6 Plus was said to be too flexible, meaning that the phone can even bend under certain conditions.
A secure iPhone?
While the tech world looked on in amazement at this problem in the new Apple device, a second rather more difficult issue emerged: Appleâs âTouch IDâ fingerprint identification system is not entirely secure.
This technology has already been used in iPhone 5s and as with iPhone 6, a few days after the launch an error was discovered: there was a relatively simple way to get past Appleâs fingerprint ID system.
“A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID,” claimed the European hacker group, Chaos Computer Club, a year ago. This was something that could be performed by anyone with a bit of skill and patience.
So despite the companyâs claims that with the new biometric system your fingerprint is one of the strongest passwords in the world, once again such claims might be premature.
History has repeated itself, and this time surprisingly, it has done so quite literally. Even though the Touch ID flaw was discovered a year ago, Apple has launched two new iPhones with the same problem.
This is confirmed by security expert Marc Rogers. “Sadly there has been little in the way of measurable improvement in the sensor between these two devices,â he claims. Although he underlines that the same fake prints that could deceive the Touch ID in iPhone 5s are no longer viable in the latest Apple device.
According to Rogers, the difference is that the company has improved the scan resolution to improve the reliability of the system. However, this doesnât mean that the same technique used to unlock the iPhone 5s couldnât be used for iPhone 6. The difference is that the fake print would need to be a better quality.
This new flaw in Appleâs security system is serious, and even more so given the launch of Apple Pay, the companyâs new mobile device payment system.
Thanks to NFC technology, users of this service can pay for things simply by waving their iPhone at the point of sale (POS) terminal. Indeed, the tool used by Apple to secure the payment service is none other than the Touch ID technology which, as Rogers explains, is easily hacked.
Nevertheless, Rogers does point out that using fingerprints is an effective form of user authentication, though Apple should include two-factor verification to give users complete peace of mind.
What do you think? Would you activate this type of payment?
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
