German security researchers have shown how an iPhone 5s thief can defeat attempts to remotely wipe the device and, with the help of a spoofed fingerprint, hijack the handset owner's iCloud and iTunes accounts.
Security researchers at German security firm SR Labs have shown that Apple's new iOS 7 Control Centre shortcut to Airplane mode, which can be accessed without requiring a passcode, could be a major vulnerability when it comes to physically stolen devices.
By turning on Airplane mode, the attacker can prevent the victim's attempts to remote wipe the device using Apple's Find My iPhone app through iCloud.
As the researchers show in a video on YouTube, it could give the attacker enough time to go about creating a spoofed fingerprint to bypass the the iPhone 5s' TouchID fingerprint reader and begin using password reset features to hijack the victim's iCloud and iTunes accounts, and any other linked accounts such as Gmail.
Source
Last edited by a moderator:
