Roll up, roll up: Cash, Bitcoin and booze offered for iPhone 5S fingerprint scanner hack
Back and fill, infosec maties... keep t' grog comin'
Hackers have taken to crowdfunding in a bid to raise a bounty to hack the iPhone 5S fingerprint scanner.
The IsTouchIDHackedYet.com site has so far received cash offers exceeding $3,250 – and 7.13 Bitcoins, which is a shade over $900 at current exchange rates – from more than 30 people prepared to chip in to offer a "reward to the first person who can reliably and repeatedly break into an iPhone 5S by lifting prints (like from a beer mug)".
The kitty also includes offers to supply bottles of wine, whisky and – in one case – an "under the door tool" (we're not sure what that is either).
It's the sort of thing that might be dreamt up at a boozy post-hacker-con pool party at DefCon in Vegas, except in this case the wheeze is being lubricated through Twitter instead of tequila. The beer mug reference is a bit of a giveaway in explaining the sensibility of the contest.
Linked terms and conditions from the IsTouchIDHackedYet.com site refer to Twitter updates outlining what might be required to win the prize, if not how to go about collecting it.
"All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print. I'll put money on this," explains Nick DePetrillo, one of the Twitter users behind the istouchidhackedyet.com site – which was set up by Robert David Graham, who describes himself as a "cyber-insecurity expert".
"Satisfactory video evidence of the print enrollment, lift, reproduction and successful application of the print without locking out will do," he adds.
Apple’s decision to bundle a fingerprint scanner with the iPhone 5S, due out on Friday, has excited a great deal of security commentary. Fingerprint authentication has been bundled with laptops and handheld computers for years, of course, but the inclusion of the "Touch ID" fingerprint authentication in the iPhone 5S propels it into the mainstream – or perhaps more to the point, into the pockets of corporate big wigs (CEs, directors etc).
That means the technology is directly relevant to corporate CISOs and, by extension, intriguing to hacker types, which helps explain the appearance of a “Capture the Flag”-style Jesus phone hacking competition.
There is no word as yet on whether using classic techniques - such as Gummi bears - to defeat fingerprint scanners will earn bonus points in this particular competition. ®