Apple's latest iPhones are vulnerable to the same fingerprint forging attack as the older iPhone 5S, allowing access to the phone via a fingerprint fabricated with some specialized knowledge and materials costing less than a thousand dollars, according to a researcher who reproduced the attack against the latest iPhones.
Mark Rogers, principal security researcher for mobile security firm Lookout, used techniques common to law enforcement investigators and prototypers to first lift latent prints from the device and then create a mold from a custom circuit-board kit. Then, using glue, he made a thin rubber print that he placed over his thumb, fooling the Touch ID sensor on the latest iPhones.
While his experiments suggested that Apple improved the sensor on the latest iPhones—it rejected slightly fewer legitimate prints and slightly more fake prints—Rogers found that the technique still works on the iPhone 6 and 6 Plus.