Sign in with
Sign up | Sign in

First iPhone Fingerprint Reader Hacker Could Win Cash, Booze

By - Source: Tom's Guide US | B 12 comments
Tags :

People on Twitter claim the new fingerprint reader on the iPhone 5s will be hacked within days, but security experts are offering them a challenge: If it's so easy, do it yourself and win more than  $15,000.

Along the lines of doineedajacket.com and istherewhitesmoke.com, websites that answer only one yes-or-no question, chief executive officer of Errata Security Robert David Graham created istouchidhackedyet.com on Wednesday (Sept. 18).

As the URL suggests, the site exists to keep track of whether anyone has hacked the iPhone 5s' fingerprint scanner.

"It started with a conversation on Twitter," Graham told Tom's Guide. "Security experts are discussing the fact that Apple is not stupid, and that their fingerprint system is better than a lot of people give them credit for."

MORE: Why the iPhone 5S Won't Revolutionize Mobile Gaming

Graham and his colleagues noticed that Twitter was absolutely chock-a-block with armchair security experts. These men and women believed that anyone willing to lift fingerprints from a surface and reproduce the prints on a sufficiently pliable material could bypass the new iPhone's fingerprint-scanning authentication system.

Arturas Rosenbacher, a high-profile tech entrepreneur and developer in Chicago, offered $10,000 to the first person who could successfully hack the Touch ID system.

Soon, others, mostly information-security experts, followed suit with whatever they felt they could spare. Most offered $100 (or 100 euros), but some ponied up Bitcoins, expensive bottles of liquor and, in one instance, "a dirty sex book."

"It's about putting our money where our mouth is," Graham said. "Just do it and win the money. If you're claiming a theoretical approach will work, but you're not actually willing to do it and win the money, you're going to look like an idiot."

Graham himself put up $100, and is fully prepared to surrender it within the next few months. He expects someone will think of a totally unorthodox method that's never been tried before and wow the experts.

"It'll be some weird, off-the-wall, no-one-ever-thought-of, strange thing," he said.

There is, of course, a chance that a teenager will discover a way to hack the Touch ID, meaning that sending bottles of booze could land the well-meaning security experts in a lot of trouble.

When the time comes to pay, though, it'll be up to each individual expert to make good on his or her promise.

"This isn't really Kickstarter. This is more of a LOLstarter," Graham said, referring to the common Internet abbreviation for "laughing out loud." "I think 80 percent [of the experts] will make good."

Graham includes Rosenbacher and his generous $10,000 offer in the 80 percent.

There's even an off chance that the Touch ID could be hacked by using a body part aside from a finger entirely. After all, if the device can read a cat's paw, as one tech blogger has already proved, it could theoretically read an elbow or a toe.

"That's one plausible thing that might happen," Graham said.

Follow Marshall Honorof @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

Discuss
Display all 12 comments.
This thread is closed for comments
  • 2 Hide
    g00fysmiley , September 20, 2013 2:41 PM
    challenge accepted
  • 3 Hide
    house70 , September 20, 2013 3:46 PM
    Booze is a slow poison....

    But we have plenty of time.
  • -1 Hide
    irish_adam , September 20, 2013 4:21 PM
    This would involve me buying a 5S and as i refuse to buy anything apple it wont be happening anytime soon. I hope someone does though and really soon just so i can lol at the arrogance
  • -1 Hide
    otacon , September 20, 2013 5:21 PM
    Waiting for Samsung's ME TOO ME TOO soon...oh wait..already happened.
  • 0 Hide
    rhangman , September 20, 2013 7:03 PM
    Be interesting to see if it is possible to lift the print from the phone itself. Mythbusters did fingerprint scanners some time back the method they used would be a good start.
  • 2 Hide
    ap3x , September 21, 2013 8:38 AM
    Given that they are reading sub dermal this might be harder than most think. Another thing to point out is that Apple is not actually taking the finger print itself but rather line break points in the print. Should be interesting to see what happens since their is a monetary reward for the efforts.

    Chances are that they are going to try intercept and copy the data transmission of whatever validation occurs once the finger is put on the phone rather then tricking the finger print reader itself or accessing the data storage.

    If this manages to pass for the most part then this will be great for Apple. My guess is that they have pretty big plans for this technology in the future so they could use the information that comes out of this as either a validation of their implementation or a way to fix issues in it before they move forward.
  • 0 Hide
    John Bauer , September 21, 2013 10:53 AM
    I remember what the mythbusters did. They simply printed out a fingerprint and it worked.
  • -1 Hide
    shin0bi272 , September 21, 2013 12:14 PM
    Thats exactly what I was thinking John
  • 0 Hide
    xybercoke , September 21, 2013 4:20 PM
    these f*&^en spam bots
  • 0 Hide
    ap3x , September 21, 2013 6:24 PM
    John, You do realize that the iPhone 5s fingerprint reader is sub dermal right? It is actually a capacitance reader. The outer layer where your finger print is non-conductive, the sub-dermal layer is actually conductive. So the iPhone's biometric sensor is actually reading the differences in conductivity to create the print. You won't be able to bypass it with just a lifted print like the Myth Buster guy's did.

    Also, keep in mind that the outer ring is used to let the sensor know to activate. It may also be emitting a small current to make the capacitance clearer to read. This would also explain why it works even when your finger is placed on the button in a different position. This is something that a traditional finger print reader would have a hard time with. So unless you can imitate how you fingers pass current you are going to be out of luck.

    At some point you guys should just give them a little credit. The way they have engineered this thing is pretty solid. The hackers are probably just going to focus on the data transmission rather then trying to fake out the reader itself.

    Also keep in mind that the dust and lift approach to bypass Biometric security is pretty old school. There have been allot of advancements since then.
  • 0 Hide
    rwinches , September 22, 2013 12:10 AM
    How to crack an iPhone - Guaranteed!

    Wait till the iSchmuck isn't looking, then grab the iPhone and throw it with all your might at the nearest hard surface.

    Bitcoins accepted.
  • 0 Hide
    flong777 , September 22, 2013 3:19 AM
    1. "These men and women believed that anyone willing to lift fingerprints from a surface and reproduce the prints on a sufficiently pliable material could bypass the new iPhone's fingerprint-scanning authentication system."

    Ummm NO! The sensor is designed to only read living tissue according to professional reviews I have read.

    This is the fourth negative Apple artile I have read today on Tom's Hardware and all of them are poorly researched and poorly written.

    Ask yourself, what the hell is the point of this article - no smartphone security system is unbreakable or perfect. If the fingerprint security is not perfect, I am still willing to bet that it is the best in the business. I am also willing to bet it is much better than a four-digit security code which of course is the hallmark of smartphone security.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter