A prize of more than $19,000 (and counting) in cash, bitcoins, and booze is being offered to the first hacker to crack the fingerprint scanner on Apple's newly released iPhone 5S.
The contest is being run by a micro venture capital firm and a group of security researchers and requires the hacker who wins the prize to "reliably and repeatedly break into an iPhone 5s by lifting prints (like from a beer mug)," according to the website istouchidhackedyet.com.
Touch ID, the fingerprint scanner present on the more expensive of Apple's two new iPhones, is supposed to make users' personal details more secure and can also be used to make iTunes purchases. The scanner offers a 500 pixel-per-inch resolution and can read sub-epidermal skin layers, storing encrypted fingerprint data (although, crucially, not images of the prints themselves) locally on the phone's chip, but doubts about quite how secure it is are being expressed.
US Senator Al Franken (D-MN), who is also chairman of the Senate's Judiciary Subcommittee on Privacy, Technology, and the Law, has written to Apple chief Tim Cook expressing his concern over the fingerprint scanner. In the letter, Franken describes himself as an iPhone user but says that while Touch ID "may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple."
He goes on to say that while Apple claims the fingerprint is "one of the best passwords in the world" that they are also "public and permanent," while "passwords are secret and dynamic." A list of 12 questions follows, which Franken wants answers to within a month in order to establish a public record of how Apple has addressed privacy issues internally. His main concern is that if the technology is widely implemented, and hackers can get hold of your fingerprints, then they "could use it to identify and impersonate you for the rest of your life."
Hence, it's not just for kicks that the hacking of Touch ID is being encouraged. Finding and exposing flaws in new technologies and softwares is vital in order to ensure loopholes can be closed before they can be exploited by anyone with dishonorable intentions.
"This is to fix a problem before it becomes a problem," says Arturas Rosenbacher, founding partner of Chicago's IO Capital, which donated $10,000 to the hacking contest, speaking to Reuters. "This will make things safer."
Many bugs have been discovered by hackers across Apple's product range, and the work done by these so-called "white hats" who report flaws back to the company help to make the tech we all use each day even more secure. A security flaw which allows anyone to bypass the lock screen of an iPhone running iOS 7, which was released on 18 September, has already been discovered by a hacker. Apple has acknowledged the bug and is currently working on a fix.
Apple seems pretty sure that Touch ID is secure, but independent research is often the best way to confirm such claims. Two security researchers are currently claiming that Apple could decrypt its end-to-end iMessage encryption that the company claims is completely secure, TechCrunch reports. The researchers from Quarkslab will present their findings at a talk entitled How Apple Can Read Your iMessages and How You Can Prevent It during Asia's HITB Security Conference in Asia next month.
"Can Apple read your iMessages? YES. Do they do it? Unfortunately, we can not answer," reads the presentation abstract.
As for Apple's fingerprint scanner, David Kennedy, a former US Marine Corps cyber-intelligence analyst, has told Reuters that it might be possible to lift a user's fingerprint from elsewhere on the device and clone it. For now the status on istouchidhackedyet.com remains a bolded "No!", and it's still impossible to say whether it will change over time. One thing we can be sure of is that there are plenty of people out there trying their hardest to ensure it does.
This post originally appeared on Wired UK.
reader comments
110