A German security firm SRL claims a vulnerability in Touch ID Fingerprint Scanner and iCloud allows a hacker to access a locked device and potentially gain control over an owner's Apple ID.





SRL points out that Airplane mode can be enabled on a stolen phone from the lockscreen , which turns off wireless connectivity and so defeats the remote wipe facility

This can be accessed without requiring a passcode, could be a major vulnerability when it comes to physically stolen devices.





Find My iPhone app.



In a video demonstration, they point out that while Apple lets users locate and remotely wipe a device using theapp.



Since Find My iPhone can only perform a wipe if a device is connected to the Internet, but because airplane mode will disable Internet Connectivity, that may give a thief enough time to get fingerprints off of the device and eventually log in. An attacker can create a fake Since Find My iPhone can only perform a wipe if a device is connected to the Internet, but because airplane mode will disable Internet Connectivity, that may give a thief enough time to get fingerprints off of the device and eventually log in. An attacker can create a fake fingerprint on a laminated sheet and later attached to one of their fingers, as already explained by another researcher.



