$15,000, whisky and a sex book: Hackers crowdsource reward to crack Apple's fingerprint sensor on the iPhone 5s
Touch ID comes as standard on Apple's new iPhone 5s but hackers are already trying to find ways to bypass the technology
Friday 20 September 2013
Hackers have launched a competition to successfully crack the security surrounding Touch ID: the fingerprint scanner built into Apple’s newly launched iPhone 5s.
A reward for the first successfully verified hack has been crowdsourced on the site istouchidhackedyet.com.
The pot currently totals more than $15,000 with several bottles of whisky and a “dirty sex book” thrown in.
Individuals involved say that there is no malevolent intent in the competition. Arturas Rosenbacher, founding partner of I/O Capital - a venture capital firm that donated $10,000 to the competition - said that the site would help the hacking community find bugs that Apple might have missed.
“This is to fix a problem before it becomes a problem," Rosenbacher told Reuters. "This will make things safer."
There are no known security flaws specific to Apple’s fingerprint scanner but previous implementations of the technology have been fooled with distinctly lo-tech methods.
One approach known as the ‘Gummy Bear attack’ was pioneered by Japanese cryptographer Tsutomu Matsumoto. It involves photographing fingertips at high-resolution with a digital camera and then transferring this impression onto a fake finger made from gelatine (the gelling agent found in Gummy Bears and other sweets). Using this technique Matsumoto fooled fingerprint scanners 80 per cent of the time.
The fingerprint sensor in Apple’s iPhone 5s initially provoked scepticism over its utility, but reviewers have since praised the company for the seamless integration of the technology. Mainly used to unlock the phone, the sensor is housed in the home button and stores the user’s fingerprint on a “secure enclave” in the 5s.
Reviewing the device for The Independent, David Phelan said: “Once you've got used to not typing in your passcode, keeping your phone secure isn't a chore. I was sceptical of this gimmick but it quickly won me over.”
The 5s has certainly proved popular with customers with demand for the new device (which also includes a 64-bit processor and an upgraded camera) far outstripping supply. Within an hour of the handset being put on sale on Apple's website the shipping time was delayed, first by "7 to 10 business days" and then until October.
Others are less enthusiastic. Robert Hansen of security firm WhiteHat Security told The Independent: “Hackers widely dislike fingerprint technology. The security world has been trying to tell companies for years that biometrics like fingerprints are the passwords that can never change and that you leave every place you touch.”
“Hackers dislike the privacy implications of the potential for companies to harvest fingerprint data - especially in light of the privacy issues being released in Snowden's NSA leaks, people are becoming less trusting of companies storing sensitive and irrevocable information like fingerprints.”
Experiments with Touch ID have also found that it's not just human fingerprints that the technology responds to. Darrell Etherington of TechCrunch managed to set up his iPhone 5s so that is unlocks in response to the heel of his palm, the skin on his arm, and even his cat's paw.
"Note that no other paw pads would unlock the device, and that cats essentially have unique “fingerprints” just like people, so this doesn’t make the Touch ID sensor any less secure," wrote Etherington. See below for a video of his findings in action.
Life & Style blogs
iOS 8 apps and features: eight iPhone settings you need to look at after you install the update
iPhone 'Wave': iOS 8 hoax claims you can charge your iPhone in the microwave - you can't
From Topshop to Burberry, London Fashion Week spring/summer 2015: Distraction could not disguise a distinct lack of focus
Exclusive interview with Jourdan Dunn: Mother, one of the world's best-paid models and ambassador for sickle-cell disease
No new blood and no fresh ideas at Milan Fashion Week: How do you solve a problem like Milano?
Scotland could still declare independence – even without referendum, says Alex Salmond
Scottish independence referendum: A nation divided against itself
Scottish referendum results: Cross-party consensus collapses amid Tory-Labour spat on the 'English question'
Hilary Mantel 'should be investigated by police' over Margaret Thatcher assassination story, says Lord Bell
Scottish independence: David Cameron is becoming the 'George Bush of Britain'
Plebgate MP Andrew Mitchell called officer a 'little s**t', claim court documents 'exposing ex-Chief Whip's 'record of abusing police'
- 1 All Blacks Aaron Cruden misses New Zealand flight after drinking session, has brilliant excuse
- 2 Kim Kardashian 'nude photos' leaked on 4chan weeks after Jennifer Lawrence scandal
- 3 'F*ck it, I quit': TV reporter Charlo Greene quits live on air in spectacular fashion
- 4 Alicia Keys leaks nude photo 'to create a kinder and more peaceful world'
- 5 Clothes store Joy angers mental health campaigners with Twitter exchange on bipolar disorders
iJobs Gadgets & Tech
£20000 - £25000 per annum + OTE £40,000: SThree: SThree are a global FTSE 250 ...
£20000 - £25000 per annum + OTE £40000: SThree: As a Recruitment Consultant, y...
£20000 - £25000 per annum + OTE £40,000: SThree: SThree Group have been well e...
£15 - £17 Per Hour: Clearwater People Solutions Ltd: Our client is currently r...