“Hackers are gearing up for Friday’s release of the iPhone 5S, aiming to be the first to crack the device’s first-ever fingerprint scanner, a security feature that Apple Inc hopes will set the new model apart from the competition,” Jim Finkle reports for Reuters. “To sweeten the contest, a group of security researchers and a micro venture capital firm have pitched to offer a prize to the hacker who breaks through ahead of the rest. The booty, promoted on the website (http://istouchidhackedyet.com/), includes more than $13,000 in cash, bottles of bourbon and tequila, and other prizes.”
“Among those hoping to win the prizes — and the glory of uncovering potential flaws so Apple can then fix them — is David Kennedy, a former U.S. Marine Corps cyber-intelligence analyst who did two tours in Iraq and now runs his own consulting firm, TrustedSec LLC,” Finkle reports. “‘I am just waiting to get my hands on it to figure out how to get around it first,’ the founder of the DerbyCon hacking conference told the Thomson Reuters Global Markets Forum this week. ‘I’ll be up all night trying.'”
Finkle reports, “To be sure, experts say they know of nothing intrinsically wrong with Apple’s fingerprint reader, based on what the company has so far disclosed. Reviewers this week gushed over its ease of use and reliability… Data used for verification is encrypted and stored in a secure enclave of the phone’s A7 processor chip. No information is sent to any remote servers, including Apple’s iCloud system. HD Moore, a well-known hacking expert and chief researcher with the security software maker Rapid7, said such protections mean ‘the bar is a little bit higher,’ but that certainly won’t discourage hackers from trying to break the new technology.”
“Apple shouldn’t take hackers’ enthusiasm personally,” Finkle reports. “Bugs are often disclosed by ‘white hats,’ or hackers who unearth flaws and report them so manufacturers can repair them, preventing criminal exploitation. The hope is the good guys find them before ‘black hats’ uncover them for nefarious purposes. White hats have found multiple security issues with iPhones, iPads and in the App store since Apple launched its first smartphone in 2007. They say that scrutiny has helped make it one of the most secure devices on the market today.”
Read more in the full article here.
Related articles:
Security researcher: Apple iPhone 5s Touch ID is truly better security – September 19, 2013
Apple’s new iPhone 5s and iPhone 5c arrive in stores on Friday, September 20th – September 17, 2013
Engadget reviews Apple iPhone 5c: A breath of fresh air that will be wildly popular this holiday season – September 18, 2013
Apple’s 64-bit iPhone 5s is by far the fastest smartphone in the world – September 18, 2013
Ben Bajarin: Apple’s new iOS 7 will cause consumers to discover their iPhones all over again – September 18, 2013
John Gruber reviews Apple iPhone 5s: ‘This is what innovation, real innovation, looks like’ – September 18, 2013
AnandTech reviews iPhone 5s: Apple’s 64-bit A7 is seriously impressive – September 18, 2013
TechCrunch reviews Apple iPhone 5s: The best smartphone available – September 18, 2013
Apple’s new iPhone 5S likely to be in exceptionally short supply – September 18, 2013
USA Today’s Baig reviews Apple iPhone 5s: ‘Makes the best smartphone even better’ – September 18, 2013
Mossberg reviews Apple iPhone 5s: ‘The best smartphone on the market’ – September 18, 2013
iPhone 5s pre-orders quickly sell out in China; gold iPhone 5s sells out quickest of all – September 17, 2013
Apple’s new iPhone 5s and iPhone 5c arrive in stores on Friday, September 20th – September 17, 2013
Apple’s Touch ID is revolutionary, paradigm-altering technology; Steve Jobs would be quite proud – September 17, 2013
The wizard behind the curtain for the iPhone 5s: Apple’s M7 motion co-processor – September 16, 2013
Apple’s iPhone 5s with Touch ID seen as protection against U.S. NSA – September 16, 2013
Apple’s new iPhone 5s is the world’s first and only 64-bit smartphone – and it will be king of the hill for quite some time – September 13, 2013
Professional photographer on Apple iPhone 5s’ True Tone dual-LED flash: The sheer engineering prowess here is insane – September 13, 2013
Apple iPhone 5s camera leaps two years ahead of entire camera industry – all cameras, not just smartphone cameras – September 13, 2013
Apple changes the world again, propels biometrics into the mainstream with iPhone 5s’ Touch ID – September 12, 2013
iPhone 5s: Once again Apple leaps ahead with Touch ID fingerprint recognition; a big enterprise win for Apple – September 10, 2013
Apple reveals flagship iPhone 5s with Touch ID, the world’s first and only 64-bit smartphone – September 10, 2013
You can change you password but if someone succeeds in this, you can’t change your fingerprint !
You can’t be that obtuse!? Of course you can change your fingerprint, just use another finger.
You can change to another thread, but you can’t help posting the same unoriginal comment.
I’ll show them! Instead of my finger, I’ll use my d***! Of course, it will make unlocking it a little awkward, but think how secure it’ll be!
——RM
Unless your d*** is too small. Just think how insecure you would be!
(Come on, I meant data, not dick! Geesh.)
This is actually scary. Imagine what would happen if high-security servers with sensitive data (think WikiLeaks, government documents, etc) were hacked into with these types of techniques. High security servers have had fingerprint sensors since, I want to say, the late 80s, but because of this, many older systems could get hacked.
Wrong! Older scanners that scan the surface of your finger are fairly easy to bypass and have proven to be so.
This is new technology that may not apply to other types of sensors. Furthermore, it’s completely internal to Apple.
Touch ID is not a fingerprint scanner. It has no idea what your actual fingerprint looks like. What is does know is how your finger has unique points of conductivity. Based on these ‘points’ Touch ID can confirm it is you and not someone else. I find the name to be genius because it summarizes exactly what the technology is.
… And the Black hats want to poke a lit cigarette in your eye.
Well, here’s to hoping they don’t figure a way around it. But, if they do, then hopefully Apple can/will patch it ASAP.
So much for that. Turns out they didn’t need to bother with it.
http://www.engadget.com/2013/09/19/ios-7-bug/
And it will be patched with the next update. Nothing’s perfect, especially a .0 release..
7.0.1?! Where did that come from? GM is 7.0. What is the downloaded version?
Touch ID won’t have to be unbreakable (nothing is probably). It just needs to be hard enough or costly enough to make it impractical to break.
Besides, the USB/Lightning port is probably a lot easier to crack, so why would hackers limit themselves to the tough security control when a weaker one is available. Bragging rights for the white hats, but I’m sure the black hats are a lot more pragmatic.
I’ll tell you what will happen: a smartass with claim they have managed to crack the system saying it is simple, you just need to ask the owner of the phone repeatedly until he give up and let you register your finger and once you are able to register your finger you have been cracked Apples security… that is pretty much how those “Hacks” works. Most of the time, the “hack” they discover is more social engineering that computing engineering, they depend a lot in the user to be distracted, lazy to put a strong password, interested in nude photos of kurnikova, etc.
Love the phrase “secure enclave”. I feel safer just reading it.
I think it’s great that there is such enthusiasm to try to crack it. It’s new tech and it needs to be battle tested. If there’s a problem you know Apple will fix it.. and if it’s a software fix you’ll get the patch for it, and quickly, unlike Android and probably Windows phones. It only makes Apple’s products better.
“Apple shouldn’t take hackers’ enthusiasm personally,” Finkle reports. “Bugs are often disclosed by ‘white hats,’ or hackers who unearth flaws and report them so manufacturers can repair them”
That isn’t the problem. It’s all the stories that will be flying around claiming that the iPhone is dangerous while ignoring the problems with Android.
For some reason, “Android is dangerous” stories don’t seem to sell as well.
Most of that is just in tech media that the majority of mainstream users don’t even hear or care about. It’s mostly a nerd pissing contest.. and it all blows over and everybody moves on and forgets what happened the month before..
I’m sure the NSA already has collected all our fingerprints already.
@ Critic2
If you take four square feet of aluminum foil and fold it into a pyramid shaped hat and wear it on your head, the NSA is powerless!
Or something.
what does that mean …..your finger has unique points of conductivity. i don’t want to sound gratuitous and dirty but …i think i’m beginning to see the future of some pretty sophisticated sex toys. not that i would be interested ..but say, if there were an app to go with that toy ..and say, it was maybe, 99¢ and say, i was in between boyfriends and for instance, it had an apple logo ..and say, i was really into logos. ok, i veered off the main road but that ‘unique points of conductivity’ thing is very, very interesting.
It probably won’t take them very long, either.
Why does every idiot want to hack Apple these days? Go and break some Microsoft stuff instead. And why break things? Is that enjoyable? It leads to what? Enjoy the design and pleasant use instead. Stop be an ass.