Roll up, roll up: Cash, Bitcoin and booze offered for iPhone 5S fingerprint scanner hack

Back and fill, infosec maties... keep t' grog comin'

By John Leyden, 19th September 2013

Hackers have taken to crowdfunding in a bid to raise a bounty to hack the iPhone 5S fingerprint scanner.

The IsTouchIDHackedYet.com site has so far received cash offers exceeding $3,250 – and 7.13 Bitcoins, which is a shade over $900 at current exchange rates – from more than 30 people prepared to chip in to offer a "reward to the first person who can reliably and repeatedly break into an iPhone 5S by lifting prints (like from a beer mug)".

The kitty also includes offers to supply bottles of wine, whisky and – in one case – an "under the door tool" (we're not sure what that is either).

It's the sort of thing that might be dreamt up at a boozy post-hacker-con pool party at DefCon in Vegas, except in this case the wheeze is being lubricated through Twitter instead of tequila. The beer mug reference is a bit of a giveaway in explaining the sensibility of the contest.

Linked terms and conditions from the IsTouchIDHackedYet.com site refer to Twitter updates outlining what might be required to win the prize, if not how to go about collecting it.

"All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print. I'll put money on this," explains Nick DePetrillo, one of the Twitter users behind the istouchidhackedyet.com site – which was set up by Robert David Graham, who describes himself as a "cyber-insecurity expert".

"Satisfactory video evidence of the print enrollment, lift, reproduction and successful application of the print without locking out will do," he adds.

Apple’s decision to bundle a fingerprint scanner with the iPhone 5S, due out on Friday, has excited a great deal of security commentary. Fingerprint authentication has been bundled with laptops and handheld computers for years, of course, but the inclusion of the "Touch ID" fingerprint authentication in the iPhone 5S propels it into the mainstream – or perhaps more to the point, into the pockets of corporate big wigs (CEs, directors etc).

That means the technology is directly relevant to corporate CISOs and, by extension, intriguing to hacker types, which helps explain the appearance of a “Capture the Flag”-style Jesus phone hacking competition.

There is no word as yet on whether using classic techniques - such as Gummi bears - to defeat fingerprint scanners will earn bonus points in this particular competition. ®

5 ways to reduce advertising network latency

23 Reader Comments

5 ways to reduce advertising network latency

Implementing the tactics laid out in this whitepaper can help reduce your overall advertising network latency.

Reg Reader Research: SaaS based Email and Office Productivity Tools

Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.

Email delivery: 4 steps to get more email to the inbox

This whitepaper lists some steps and information that will give you the best opportunity to achieve an amazing sender reputation.

High Performance for All

While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?

5 ways to prepare your advertising infrastructure for disaster

Being prepared allows your brand to greatly improve your advertising infrastructure performance and reliability that, in the end, will boost confidence in your brand.

Search more Resources