White hat website offers bounty for iPhone 5S hack

iPhone 5S hack contest

iPhone 5S hack contest

A pair of known white hat hackers have put up a website challenging geeks all over to successfully document an iPhone 5S hack by lifting a fingerprint and fool the phone’s Touch ID sensor. To sweeten the iPhone 5S hack challenge, IsTouchIDHackedYet.com, is offering an array of rewards such as cash, bitcoins (a type of digital currency), bottles of liquor, free patent applications, and even a “dirty sex book.”

The website was created by Nick DePetrillo, a computer security researcher known for demonstrating how to hack smartphones, and Robert David Graham, owner of cybersecurity firm Errata Security. The two also invite donors to contribute to the bounty, hence the eclectic mix of rewards.

“The whole point of #istouchidhackedyet was to put up or shut up with regards to criticisms of Apple’s Touch ID security and implementation,” DePetrillo wrote on Twitter Saturday.

In another tweet, he added: “I personally believe (for once) a company has implemented a unique feature (Touch ID) in a reasonably secure way.”

iPhone 5S hack competition

The rules for the iPhone 5S hack-athon is simple. A hacker must lift a fingerprint from the phone or anywhere else and reproduce it in a way that would allow him to unlock an iPhone 5S in less than five tries. The procedure has to be fully documented on video.

As of this posting, the website announced that they might have a winner of the iPhone 5S hack contest. “The Chaos Computer Club in Germany may have done it! Awaiting video showing them lifting a print (like from a beer mug) and using it to unlock the phone. If so, they’ll win.”

The new iPhone 5S, which was launched on retail last Friday, comes with a fingerprint sensor on its Home button for more security. The new security system, which Apple calls Touch ID, requires users to “register” their print with the device. From there, they can unlock the smartphone by placing the finger or thumb they used in registering on the Home button. Other persons’ fingerprints will not unlock the phone, thus protecting the iPhone 5S from thieves.

Source: CNN

UPDATE: Chaos Computer Club has posted their video as proof they have hacked the Touch ID by replicating a user’s print. They achieved it by lifting a fingerprint from a glossy surface like glass, dusting it with graphite and photographing it at 2,400 pixels per inch. The fake fingerprint was reproduced at 1,200ppi on film, coated with latex milk or wood glue, breathed on to keep it moist, and placed over the home button. It worked. Laborious, but it worked.

Leave a Reply

Back to top