Apple iPhone 5S Airplane mode is vulnerable and provides access to the device without a password. Researchers bypass through Touch ID and gets complete access to the device.
A computer security firm based in Berlin has discovered that iPhone 5S suffers from a major vulnerability that could give complete access of the device to a thief.
Another way was also discovered to get around the Touch ID fingerprint reader through a simple procedure. In particular, a thief who is familiar with iPhone 5S, can prevent the original owner of the iPhone to disable the device remotely, and with the help of a counterfeit fingerprint, he could also easily access the methods to reset your password.
iPhone 5S Airplane mode suffers from a dangerous vulnerability with the new Control Center implemented in iOS 7. In fact, there’s a shortcut to access airplane mode without using a password to unlock the device. Therefore, an attacker can turn on Airplane mode to prevent any attempts by the victim to cancel the Remote app on your smartphone via iCloud “Find My iPhone”.
As SD Labs researchers show in a demo video that a thief will have enough time to create a counterfeit fingerprint to bypass the iPhone 5S through Touch ID, and can start using the options to reset the password. In this way, the criminal would have a complete access to the device.
Experts have used an iPhone 4S to take a picture of the latent prints left on the iPhone 5S, and claim to have spent about an hour to create a counterfeit impression. Aftermath, it’s been attested that an iPhone 5S with Touch ID alongside turned on Airplane mode is vulnerable and proving to be a full of loop holes. In short, the new iPhone is less secure compared to other phones without fingerprint reader technology.
Now, Apple has to take such issues – floating wild since the launch – seriously as the demo is suffice to induce the Cupertino group. And, we may see a fix soon which will make it possible, in any case, to disable stolen iPhone remotely via “Find My iPhone” feature.
Finally, a tip for better security: Use an email to create an Apple ID, which has no trace on the same device ensuring any reset your password email being sent on alternate accounts.