Within days of the iPhone 6 going on sale, a security researcher has shown that the Touch ID fingerprint sensor is as open to being hacked as it was on the iPhone 5s.
The vulnerability allows a would-be attacker to spoof your identity using an artificial fingerprint to unlock your iPhone 6 or make purchases via Apple's various digital stores (such as iTunes). Touch ID is also intended for use with apple's new NFC payments system Apple Pay.
The Touch ID fingerprint sensor is built into the home button of Apple's smartphones, and was introduced in 2013 on the iPhone 5s.
Following that launch, German hackers named the Chaos Computing Club took just two days to show that an artificial print could be used to bypass the Touch ID system - though they were unable to extract the fingerprint data saved in a secure partition of the phone's processor.
Now Marc Rogers, principal security researcher from mobile security firm Lookout, showed that using the very same attack can bypass the Touch ID system on the iPhone 6 and iPhone 6 Plus.
"Sadly there has been little in the way of measurable improvement in the sensor between these two devices. Fake fingerprints created using my previous technique were able to readily fool both devices," Rogers said in a blog post.
Rogers notes his disappointment that Apple has not implemented extra security measures:
"Furthermore there are no additional settings to help users tighten the security such as the ability to set a timeout for TouchID after which a passcode must be entered."
While there are no additional security measures, the sensor itself on the iPhone 6 and 6 Plus does seem to have been updated to a higher resolution sensor.
The sky is not falling
Rogers makes this assumption for two reasons. The first is that there were far less "false negatives" on the iPhone 6, while the second indication of a new sensor was that "slightly 'dodgy' fake fingerprints that fooled the iPhone 5s did not fool the iPhone 6."
While the fact that the fingerprint scanner is hackable will be worrying for some, Rogers plays down the danger to the average consumer saying:
"Just like its predecessor, the iPhone 6's TouchID sensor can be hacked. However, the sky isn't falling. The attack requires skill, patience, and a really good copy of someone's fingerprint - any old smudge won't work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it's highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual."