Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Crowd-sourced site offers cash, wine, Bitcoins for hackers to crack iPhone 5s' Touch ID

Even as the iPhone 5s sells out in stores, a collaboration between a micro venture capital firm and a group of security researchers is offering a mix of cash, alcohol, and other goods to the first hacker that can crack the biometric security feature built into the device's Touch ID sensor.

The website istouchithacketyet.com is aimed at getting the hacking community devoted to demonstrating a method to "reliably and repeatedly break into an iPhone 5s by lifting prints (like from a beer mug)." To that end, a number of contributors have pitched in hundreds of dollars in cash, Bitcoins, wine, patent applications, whiskey, tequila, and books as an incentive to crack Apple's security feature.

The largest donation, according to Reuters, comes from Arturas Rosenbacher, founding partner of Chicago's IO Capital. Rosenbacher has pledged $10,000 to the competition, and he says his aim is noble.

"This is to fix a problem before it becomes a problem," Rosenbacher said. "This will make things safer."

Since it was unveiled, the Touch ID biometric sensor has been the subject of much speculation and commentary. A number of public advocates and officials have expressed concern over the privacy implications inherent in using fingerprints to secure a device.

"There are reasons to think that an individual's fingerprint is not 'one of the best passwords in the world,'" Senator Al Franken (D-Minn.) wrote in a letter to Apple CEO Tim Cook. "Passwords are secret and dynamic; fingerprints are public and permanent. If you don't tell anyone your password, no one will know what it is. If someone hacks your password, you can change it — as many times as you want. You can't change your fingerprints."

Apple has already detailed the technology behind its biometric sensor, noting that it does not send gathered data to Apple servers, instead keeping it in a secure enclave in Apple's A7 SoC. Apple also points out that the device is not perfect, and it may give inaccurate readings due to moisture, conductive debris, and scarring on fingers.

Touch ID is not the only target for hackers and tinkerers, though. One recent finding showed that the iOS 7 lockscreen can be bypassed relatively easily due to a new iOS 7 feature, potentially giving up access to a user's Mail, Photos, and Twitter apps. Apple has promised a fix for the vulnerability in the near future.



68 Comments

🍪
rich gregory 11 Years · 121 comments

Well that's bound to happen.

 

I guess it's better to have a group that's not necessarily criminals working on this in the open. I hope Apple appreciates all the hard work that they're getting for free! 

 

We will see..

drblank 18 Years · 3384 comments

Anyone hack into the Fingerprint sensor?

🎅
9secondko 20 Years · 869 comments

Wow. this is the measure of success. I can't even touch my iPhone 5S yet and these haters are luring hackers with rewards? Who's behing the front? Samsung? Google? Sheesh. Anything can be hacked. Anything. But can it be hacked in REALISTIC, REAL WORLD setting (ie: getting up to go to the restroom, but forgetting your phone on the desk for 5 minutes)? And even so, the scanner is an alternative to password. And Apple has already said it is not perfect. So funny how I never see this kind of thing happen to MS, Google, etc. Probably because then, nobody would even care. It's expected of them to fail.

🌟
rich gregory 11 Years · 121 comments

Quote:
Originally Posted by 9secondko 

Wow.

this is the measure of success.

I can't even touch my iPhone 5S yet and these haters are luring hackers with rewards?

Who's behing the front? Samsung? Google?

Sheesh.

Anything can be hacked. Anything.

But can it be hacked in REALISTIC, REAL WORLD setting (ie: getting up to go to the restroom, but forgetting your phone on the desk for 5 minutes)?

And even so, the scanner is an alternative to password. And Apple has already said it is not perfect.

So funny how I never see this kind of thing happen to MS, Google, etc.

Probably because then, nobody would even care. It's expected of them to fail.

 

Anything can be hacked. Including fingers!

 
Sorry, couldn't resist. 
 
I think you're right, our (the public) perception of Apple is 'better' and when MS or any of the Droid stuff have mis-steps it seems to be a much less of a 'big deal.' Heck, I'd say a lot of the public expect MS to suck now... in anything else but X-Box. Why they don't do a Toyota/Scion move and leverage x-box I don't know. X-box should make their next phone. 

🎅
gazoobee 15 Years · 3753 comments

This seems unlikely to me based on descriptions of how the enclave works. Besides which how do you get the hacking software onto the device without physical or admin access? Even then, the enclave will not communicate with anything other than the hardware of the sensor itself, so you'd have to get software on the device that can somehow present itself as a fake hardware sensor and communicate with the enclave. Even then, what you'd get out is a bunch of hashed encrypted data, not actual fingerprint images at all. It would be easier to create a "fake finger" than it would be to hack into the enclave in the traditional manner of hackers.