A German security firm is claiming that the iPhone 5S's fingerprint sensor can be used to steal the identity of its owner. The discovery, by Security Research Labs, uses the fingerprint sensor hack recently discovered by CCC and then goes one step further, relying on a few assumptions and existing flaws in iOS 7.
SRL's method requires several conditions: the user of the stolen phone has not enabled two-step authentication on the device, has enabled Touch ID, and has the Control Center facility switched on for the lock screen. This allows the thief to switch rapidly in and out of Airplane mode, request a password reset, grab the email and then reset the password, all while denying the phone's owner the chance to wipe the phone's data. Ta-daa! All the user's personal stuff are belong to us. There are five things that Apple should do, says SRL, in order to minimize this flaw:
Will Apple release a software update to tighten up any of these flaws? And is any thief going to go to such lengths to gain control of a user's phone? My guess is that he would sell it on as quickly as possible.