Touch ID Being Used to Trick Users

Finger print Scanning Identification System. Biometric Authorization and Business

Touch ID is a great way of securing your phones. Touch ID has become so widely used and accepted, it is used often used instead of typing in your password. When making purchases in the app store or when logging into your banking app, users seamlessly touch their home button and get through.

Unfortunately, con-artists have begun to use Touch ID to scam users. Two malicious IOS apps were found scamming users via touch ID. These apps have been taken down by the apple store. The fitness based apps: ‘Fitness Balance app’ and ‘Calories Tracker app’, tricked users into paying large sums of money by holding their finger on the home button. These payments were as much as $119.99 dollars. The scam was first discovered by a Reddit user, who uploaded videos onto the website.

After users first install the app and open it, the app pointed them to press their finger on the Touch ID sensor to set up it up. Instead, when the users use the Touch ID, they end of paying and approving purchases.  As soon as the user touched, a popup would quickly appear and leave saying they were making an in-app purchase. If the user was not making close attention, they would not even notice that they approved of an purchase.

Stephen Cobb, a security researcher at ESET, stated

“Someone cleverly figured out they could use the way that’s implemented to get people to do things that they don’t want to do.

Although, it is unknown who created the apps, it appears that the fitness appswere created by the same developer due to their similarities. It is also uncertain how many people were duped into giving money through these apps. Unfortunately, these apps were able to make it past the Apple Store’s initial inspection before release. Rogue apps are a big issue and it is important for users to be wary of what they download. To avoid being scammed, users can turn off ‘in app purchases’ from their phones. This way when a user accidentally downloads a malicious app purchases cannot be made.

This article originally appeared on LIFARS.com.