iPhone Fingerprint Hack Contest Dangles $18,000 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

iPhone Fingerprint Hack Contest Dangles $18,000

Crowd-funded effort also promises erotica, bourbon, bitcoins and whiskey to the first person who can successfully bypass the iPhone 5s Touch ID fingerprint reader.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Cryptographers, security researchers, entrepreneurs and at least one journalist and vulnerability broker have been pooling their resources to offer a reward to the first person who manages to successfully fool the Touch ID biometric fingertip scanner built into the new iPhone 5s and unlock.

The Touch ID hacking bounty, first reported by ZDNet, was kicked off following a Wednesday conversation between security researchers Don Bailey and Nick DePetrillo, which resulted in DePetrillo making the following offer via Twitter: "I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100."

"All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print," he said. "I'll put money on this."

In short order he did put money on it, and was soon joined by others. According to the IsTouchIDHackedYet? website that he set up with network IPS pioneer and Errata Security CEO Robert David Graham to track the bids, pledgers have included John Hopkins cryptography professor Matthew Green, the Bangkok-based vulnerability seller known as the GrugQ, as well as Arturas Rosenbacher of IO Capital, who Thursday sweetened the pot by $10,000.

[ Guard your smartphone in these cities: Chicago Leads In Smartphone Thefts. ]

By Friday morning, 82 people had been recorded as collectively promising erotica, wine, bourbon, bitcoins and Scottish whisky, as well as cold, hard cash -- nearly $19,000, including the value of bitcoins and euros pledged -- to the winner. The organizers promised to continue watching for related pledges on Twitter.

The popularity of the Touch ID hacking contest seemed to take the organizers by surprise. "Our unofficial internet contest that's based entirely on honor system pledges to defeat a technology that isn't out yet is hysterical," tweeted DePetrillo, who's a senior security researcher at Crucial Security. "Just think of the hackers whose girlfriends will be neglected while they go after this challenge," he added.

Graham said via Twitter that he was "astonished" at the interest in the contest. But he expressed skepticism that Touch ID can be hacked. "I doubt it will be successful ... which is why I'm betting $100 it won't be successful," he said via Twitter. In the meantime, however, he's already ponied up $70 for the hacking contest domain name and six months of hosting, Threatpost reported.

But finding a way to trick Touch ID isn't the only goal of the effort, co-founder Don Bailey, who's a senior security researcher at iSec Partners, told Threatpost. "We want to get more people aware of the new pieces of hardware functionality coming out," he said. "Because not a lot of people are looking at hardware security, and by doing things like this we get to put a spotlight on security in places where people usually presume it's either too easy or too hard."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hlubinv8l
50%
50%
hlubinv8l,
User Rank: Strategist
9/22/2013 | 9:06:22 PM
re: iPhone Fingerprint Hack Contest Dangles $18,000
There is a video today of someone supposedly "hacking" the Touch ID... but it's the same guy who registered his fingerprint that "unlocks" his iphone with something on his fingertip.

Even if you have thick chapped skin on your fingertips, the Touch ID will still recognize you because it reads your sub-dermal prints.

Of course he is going to unlock his own phone, because the Touch ID does not read the surface, but scans below the outer skin to recognize him as the owner.

Duh!!!

We need to see another person who has NOT registered his fingerprints on this phone, using the registered person's printed fingerprint. But the guy who made this video obviously knew that wouldn't work. ;-))

Here is some information about the deep scanning that Touch ID does, and why printing a fingerprint, or using a severed finger will NOT work:

Capacitive -- A capacitive sensor is activated by the slight electrical charge running through your skin. We all have a small amount of electrical current running through our bodies, and capacitive technology utilizes that to sense touch. This is also the same technology used in the iPhone's touchscreen to detect input.

Radio frequency -- RF waves do not respond to the dead layer of skin on the outside of your finger -- the part that might be chapped or too dry to be read with much accuracy -- and instead reads only the living tissue underneath. This produces an extremely precise image of your print, and ensures that a severed finger is completely useless.

This video only proves that Touch ID can still recognize your fingerprint, even if you have something thin between you and the scanner.

This guy is not winning the contest, but nice try to fake things. ;-))
Commentary
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll