Hackers crowdfund bounty to hack iPhone 5S fingerprint scanner

Summary:Just as Apple's iPhone 5S is about get into the hands of consumers, hackers offer a growing bounty to whoever hacks Apple's fingerprint scanner. UPDATED.

Apple's iPhone 5S comes with a fingerprint scanner and it is now the subject of an online contest started by hackers who are offering a bounty to the first person to hack the biometric lock.

The list at istouchidhackedyet.com is open to anyone who wants to join in offering a reward, and the amount total for doing the dirty deed is growing by the hour.

UPDATE 9/19 12:36 PDT: The total crowdsourced bounty for istouchidackedyet is now over $15,000 - VC firm and startup accelerator IO Capital has added $10,000 to the contest. See: Charlatan hijacks iPhone 5S fingerprint hack contest, fools press . Apple has not responded.

The iPhone 5S is already in "short supply" for Friday's launch - and hackers are most certainly among those eager to get their hands on the premium phone.

As of this writing the amount of the community-sourced, crowdfunded bounty is $2200 (plus various items and bottles of alcohol), from 28 individuals. Of course, some of the payment is in Bitcoin.

Apple is not on the list.

Those interested in joining the bounty offer simply need to tweet their amount or offering to the #istouchidhackedyet hash tag.

Apple added the fingerprint scanner as a security boost for its flagship device, and a biometric lock is what could straddle the line between convenience and security for many consumers.

iphone 5s bounty

The scanner on Apple's new phone is a capacitance scanner. Rather than using the electro-optical method to capture and record a fingerprint, which produces an image, Apple's scanner uses capaciative cells and conductor plates to create feedback that generates a code.

For the iPhone 5S, fingerprint ridges cause tiny plates to contact and close a circuit and generating current. Apple's software reads the energy of each cell to select which one is under a ridge and which is under a valley.

After the print is read and code is generated, it's sent to Apple's encrypted microprocessor.

An Apple spokesperson addressed widespread concerns about the security of such a feature when commenting to the Wall Street Journal last Wednesday, saying that Apple’s new Touch ID system only stores “fingerprint data,” which remains encrypted within the iPhone’s processor.

It is undetermined if the biometric data is encrypted before being sent to the microprocessor. At this time, Apple is not allowing third-party apps access to the fingerprint scanner's data.

The mood among the hackers behind istouchidhackedyet.com is jovial.

Some readers will remeber the Open Kinect Bounty offered by Adafruit Industries in 2010, which offered a $2000 bounty to anyone who could write and release open source drivers for the Microsoft Kinect.

Microsoft was not pleased. From the beginning, Microsoft said it vowed to "work closely with law enforcement and product safety groups to keep Kinect tamper-resistant"

One of the hackers behind the website and bounty drive, Robert David Graham, told ZDNet:

To be clear, the main reason Nick and I are doing this is because we think it's harder than most people think.

ZDNet has reached out to Apple for comment on the istouchidhackedyet.com bounty/hacking contest and we will update this post with Apple's response.

Updated 21:25 PDT to add statement from Mr. Graham.

Topics: Security, Apple, iOS, iPhone

About

Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that inclu... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.