How to hack any app with access via Touch ID on the iPhone [video]

The developer of many iOS apps were quick to take advantage of the fingerprint scanner Touch ID on the iPhone and iPad for the convenience of its users. Despite the fact that the disadvantages of the technology for many years on display in a movie from Hollywood. Is it possible today to rely on biometric security?

Before the advent of Touch ID app was protected only by the native code that was significantly safer. Now, when there is a biometric module, the user can dial tens or hundreds of codes from applications, but they do not add to the protection is a waste of time and the illusion of safety.

Meanwhile, disclosure of a personal password from the smartphone today has become too commonplace. People trust their passwords with family, friends, and sometimes even just random passers-by. It is much more convenient than typing the password each time, passing the phone from hand to hand. Try to remember whether it’s you or you asked the question “What’s your password?”. Or do you type your password under the eye of the camera. At this point, the convenience pushes security far into the background.

Specialists of the laboratory of information security, “Cadmus” tested apps, which are considered the most secure, that is, financial, banking, to access remote devices and computers, online shopping, savers passwords, address books, task managers, cloud storage and various others. They came to the conclusion that all programs are vulnerable, since access to them is sufficient in the settings of the iPhone and iPad to add another fingerprint. After that, the attacker can log into any of these applications.

Experts recommend users to applications with Touch ID:

  • always use a password on your smartphone (reinforced, if you need this);
  • disable Touch ID in the settings of critical applications, if such possibility is provided;
  • to call the prints friendly names, including the name of the owner of the mark any finger of a hand. So you can verify the substitution of the imprint in the future;
  • to avoid typing a password, when someone sees your phone screen;
  • not to give the password to those who you do not trust 100%;
  • not to get into the field of action cameras at the time of the set password;
  • in the case of loss of phone immediately block it via iCloud.

After treatment specialists to developers to “Sberbank Online”, the company changed the algorithm log in to banking app to ensure protection of user data. The clients of the Bank need to update the app on the iPhone with Touch ID, to include the additional protection.

Clifton Nichols

Clifton Nichols

Hi! I’m Clifton and I am a full-stack engineer with a passion for building performant and scalable applications that are beautiful and easy to use.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *