iPhone Fingerprint Hack Contest Dangles $18,000 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


iPhone Fingerprint Hack Contest Dangles $18,000

Crowd-funded effort also promises erotica, bourbon, bitcoins and whiskey to the first person who can successfully bypass the iPhone 5s Touch ID fingerprint reader.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Cryptographers, security researchers, entrepreneurs and at least one journalist and vulnerability broker have been pooling their resources to offer a reward to the first person who manages to successfully fool the Touch ID biometric fingertip scanner built into the new iPhone 5s and unlock.

The Touch ID hacking bounty, first reported by ZDNet, was kicked off following a Wednesday conversation between security researchers Don Bailey and Nick DePetrillo, which resulted in DePetrillo making the following offer via Twitter: "I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100."

"All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print," he said. "I'll put money on this."

In short order he did put money on it, and was soon joined by others. According to the IsTouchIDHackedYet? website that he set up with network IPS pioneer and Errata Security CEO Robert David Graham to track the bids, pledgers have included John Hopkins cryptography professor Matthew Green, the Bangkok-based vulnerability seller known as the GrugQ, as well as Arturas Rosenbacher of IO Capital, who Thursday sweetened the pot by $10,000.

[ Guard your smartphone in these cities: Chicago Leads In Smartphone Thefts. ]

By Friday morning, 82 people had been recorded as collectively promising erotica, wine, bourbon, bitcoins and Scottish whisky, as well as cold, hard cash -- nearly $19,000, including the value of bitcoins and euros pledged -- to the winner. The organizers promised to continue watching for related pledges on Twitter.

The popularity of the Touch ID hacking contest seemed to take the organizers by surprise. "Our unofficial internet contest that's based entirely on honor system pledges to defeat a technology that isn't out yet is hysterical," tweeted DePetrillo, who's a senior security researcher at Crucial Security. "Just think of the hackers whose girlfriends will be neglected while they go after this challenge," he added.

Graham said via Twitter that he was "astonished" at the interest in the contest. But he expressed skepticism that Touch ID can be hacked. "I doubt it will be successful ... which is why I'm betting $100 it won't be successful," he said via Twitter. In the meantime, however, he's already ponied up $70 for the hacking contest domain name and six months of hosting, Threatpost reported.

But finding a way to trick Touch ID isn't the only goal of the effort, co-founder Don Bailey, who's a senior security researcher at iSec Partners, told Threatpost. "We want to get more people aware of the new pieces of hardware functionality coming out," he said. "Because not a lot of people are looking at hardware security, and by doing things like this we get to put a spotlight on security in places where people usually presume it's either too easy or too hard."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll