Feeds

Roll up, roll up: Cash, Bitcoin and booze offered for iPhone 5S fingerprint scanner hack

Back and fill, infosec maties... keep t' grog comin'

Build a business case: developing custom apps

Hackers have taken to crowdfunding in a bid to raise a bounty to hack the iPhone 5S fingerprint scanner.

The IsTouchIDHackedYet.com site has so far received cash offers exceeding $3,250 – and 7.13 Bitcoins, which is a shade over $900 at current exchange rates – from more than 30 people prepared to chip in to offer a "reward to the first person who can reliably and repeatedly break into an iPhone 5S by lifting prints (like from a beer mug)".

The kitty also includes offers to supply bottles of wine, whisky and – in one case – an "under the door tool" (we're not sure what that is either).

It's the sort of thing that might be dreamt up at a boozy post-hacker-con pool party at DefCon in Vegas, except in this case the wheeze is being lubricated through Twitter instead of tequila. The beer mug reference is a bit of a giveaway in explaining the sensibility of the contest.

Linked terms and conditions from the IsTouchIDHackedYet.com site refer to Twitter updates outlining what might be required to win the prize, if not how to go about collecting it.

"All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print. I'll put money on this," explains Nick DePetrillo, one of the Twitter users behind the istouchidhackedyet.com site – which was set up by Robert David Graham, who describes himself as a "cyber-insecurity expert".

"Satisfactory video evidence of the print enrollment, lift, reproduction and successful application of the print without locking out will do," he adds.

Apple’s decision to bundle a fingerprint scanner with the iPhone 5S, due out on Friday, has excited a great deal of security commentary. Fingerprint authentication has been bundled with laptops and handheld computers for years, of course, but the inclusion of the "Touch ID" fingerprint authentication in the iPhone 5S propels it into the mainstream – or perhaps more to the point, into the pockets of corporate big wigs (CEs, directors etc).

That means the technology is directly relevant to corporate CISOs and, by extension, intriguing to hacker types, which helps explain the appearance of a “Capture the Flag”-style Jesus phone hacking competition.

There is no word as yet on whether using classic techniques - such as Gummi bears - to defeat fingerprint scanners will earn bonus points in this particular competition. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?