Security vulnerability of Apple’s TouchID/FaceID

apple touchid faceid vulnerability IOS macOS security

A disclosure vulnerability report has been unraveled by the Cyber community expert’s about Apple TouchID. The report was submitted in February, in which Apple responded with a server update to address the issue.

According to the uncovered truth, an iCloud session can be compromised by perpetrators by injecting malicious code upon navigating through apps or websites that require a user to authenticate their biometrics through the Apple TouchID functionality. Since doing this authentication bypasses 2 multi-factor authentications, they can easily log in to the desired apps or website as it considers the biometrics A-Touch and trusted device access as the Open Authenticator. Perpetrators can easily embed their customized malware or spyware to capture the authentication handshake from Apple API, upon sending the grant token access after it receives the permission through the user biometrics. The weakness was confirmed after an ethical hack successfully demonstrated in the disclosure report through cross-site scripting. After it compromised the domains that are whitelisted in Apple API such as apple.com, icloud.com, and icloud.com.cn, hijackers will have open access to the device as it captures the authentication token grants from the Apple server. Thus, perpetrators can gain access to photos, apps list, and information of the user stored on their iCloud storage.

 

In a similar scenario, these experts also included a report wherein perpetrators can exploit and gain access to the user device and iCloud accounts through an unsecured network using the TouchID vulnerability.

 

The evidence shows that when an Apple user that usually connects Free-WiFi access through airports, hotels, and other establishments can be a victim of this identity theft. Since most legitimate free wifi access uses a guest login access page to limit a user timed-connection to cater to other people’s needs for free access. The perpetrators take advantage of this as they can broadcast through this location a mimicry of an official website authenticator of the said establishment. Through this, they will ask the user to authenticate through the Apple TouchID function to be able to connect to the hotspot. Since the domain is controlled by theses hijackers, once the user does the authentication, they can easily capture the victim’s credentials in which the attackers use to infiltrate the account and get access to photos, messages, iCloud storage, and apps installed list that uses Apple Authentication.

Other news was also uncovered that Apple has recently done another patch update as it receives a report through trusted cybercommunity experts exposing the vulnerability found on the ‘Sign In with Apple.’

Apple Inc was thankful for the received report and has responded immediately to this discovered vulnerability on their system – the fix was done in server-side. They are fully committed to their user security, and such scenarios are given importance by the company. Generally, they warned the public to be more vigilant and cautious about the apps and websites that they are to install and access. This is to ensure that you are giving authentication to legitimate and uncompromised apps and websites.

About the author

iZOOlogic

Leave a Reply