Hack Apple's Touch ID and get $20,000, a sex book and a bottle of whiskey

Biometric authentication targeted, but legacy password lock already bypassed.

Security researchers have launched a crowd-funding website offering a bounty of around $US20,000 to the first person who can lift fingerprints to break into an iPhone 5s.

The new Apple phone uses a biometric fingerprint scanner dubbed Touch ID for login access to the device and to authenticate purchases on the device through iTunes and the App Store.

On offer is a colourful array of prizes including cash and bitcoin donations, alcohol and a sex book pledged by columnist Violet Blue.

The largest funding came from mobile app developer backer I/O Capital, which pledged $US10,000 to whoever could reliably and repeatedly bypass the new TouchID biometric authentication mechanism, but it reneged on that pledge.

Hackers will need to offer video evidence of the print enrollment, lift, reproduction and successful application of the print to access the device.

I/O Capital Partners co-founder Arturas Rosenbacher said the TouchID mechanism could be either a boost for security or a mere appearance of such.

“When we first got word of the fingerprint scanner, all of us took a big breath,” Rosenbacher told SC.

“Having it on the iPhone, that's a whole new ballpark for security. But is it actually more security, or is it just a false sense of security? What good is the sensor if you can just pull a print right off of it?”

He said it was also hoping to test the security of the mechanism before it was more widely adopted, adding several researchers were keen to take on the challenge.

Several techniques exist to bypass fingerprint readers, including the 'Gummi Bear attack' proposed by Japanese cryptographer Tsutomu Matsumoto in 2002, which used gelatin to replicate fingerprints. The substance has close to the same capacitance as human skin, meaning it fooled scanners that detected electrical charges.

Apple did not immediately reply to a request for comment about the funding campaign.

Meanwhile, 36-year-old soldier Jose Rodriguez has bypassed the old password login system on the new mobile iOS operating system. The Canary Islands native told Forbes a vulnerability in iOS 7 allowed the lock screen to be bypassed in seconds, granting access to user data including photos, emails and Twitter.

Apple had already fielded other privacy and security complaints about the new operating system.

The chief flaw regarded the ease with which the Find My iPhone and Find My iPad device tracker apps could be deactivated.

Airplane mode -- which severed wireless connectivity -- could now be activated from the lock screen (meaning without user authentication) which would render the tracking apps useless.

In previous iOS installments, the lost phone app could be deactivated by removing a SIM card.

iOS 7 fixes more than 80 flaws still existing in versions of iOS 6, including a vulnerability that involves malware being installed to iPhones when plugged into a compromised charger.

With Darren Pauli.

Copyright © SC Magazine, US edition