Crowd-sourced site offers cash, wine, Bitcoins for hackers to crack iPhone 5s' Touch ID

By Kevin Bostic

Even as the iPhone 5s sells out in stores, a collaboration between a micro venture capital firm and a group of security researchers is offering a mix of cash, alcohol, and other goods to the first hacker that can crack the biometric security feature built into the device's Touch ID sensor.

The website istouchithacketyet.com is aimed at getting the hacking community devoted to demonstrating a method to "reliably and repeatedly break into an iPhone 5s by lifting prints (like from a beer mug)." To that end, a number of contributors have pitched in hundreds of dollars in cash, Bitcoins, wine, patent applications, whiskey, tequila, and books as an incentive to crack Apple's security feature.

The largest donation, according to Reuters, comes from Arturas Rosenbacher, founding partner of Chicago's IO Capital. Rosenbacher has pledged $10,000 to the competition, and he says his aim is noble.

"This is to fix a problem before it becomes a problem," Rosenbacher said. "This will make things safer."

Since it was unveiled, the Touch ID biometric sensor has been the subject of much speculation and commentary. A number of public advocates and officials have expressed concern over the privacy implications inherent in using fingerprints to secure a device.

"There are reasons to think that an individual's fingerprint is not 'one of the best passwords in the world,'" Senator Al Franken (D-Minn.) wrote in a letter to Apple CEO Tim Cook. "Passwords are secret and dynamic; fingerprints are public and permanent. If you don't tell anyone your password, no one will know what it is. If someone hacks your password, you can change it — as many times as you want. You can't change your fingerprints."

Apple has already detailed the technology behind its biometric sensor, noting that it does not send gathered data to Apple servers, instead keeping it in a secure enclave in Apple's A7 SoC. Apple also points out that the device is not perfect, and it may give inaccurate readings due to moisture, conductive debris, and scarring on fingers.

Touch ID is not the only target for hackers and tinkerers, though. One recent finding showed that the iOS 7 lockscreen can be bypassed relatively easily due to a new iOS 7 feature, potentially giving up access to a user's Mail, Photos, and Twitter apps. Apple has promised a fix for the vulnerability in the near future.