Hackers crowdfund bounty to hack iPhone 5S fingerprint scanner
Apple's iPhone 5S comes with a fingerprint scanner and it is now the subject of an online contest started by hackers who are offering a bounty to the first person to hack the biometric lock.
The list at istouchidhackedyet.com is open to anyone who wants to join in offering a reward, and the amount total for doing the dirty deed is growing by the hour.
UPDATE 9/19 12:36 PDT: The total crowdsourced bounty for istouchidackedyet is now over $15,000 - VC firm and startup accelerator IO Capital has added $10,000 to the contest. See: Charlatan hijacks iPhone 5S fingerprint hack contest, fools press. Apple has not responded.
The iPhone 5S is already in "short supply" for Friday's launch - and hackers are most certainly among those eager to get their hands on the premium phone.
All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print. I'll put money on this.
— NickDe (@nickdepetrillo) September 18, 2013
As of this writing the amount of the community-sourced, crowdfunded bounty is $2200 (plus various items and bottles of alcohol), from 28 individuals. Of course, some of the payment is in Bitcoin.
Apple is not on the list.
@ErrataRob @jjarmoc Enroll print, Place it, lift it, reproduce it, use the reproduction to unlock the phone without being locked out. Video.
— NickDe (@nickdepetrillo) September 19, 2013
Those interested in joining the bounty offer simply need to tweet their amount or offering to the #istouchidhackedyet hash tag.
Apple added the fingerprint scanner as a security boost for its flagship device, and a biometric lock is what could straddle the line between convenience and security for many consumers.
The scanner on Apple's new phone is a capacitance scanner. Rather than using the electro-optical method to capture and record a fingerprint, which produces an image, Apple's scanner uses capaciative cells and conductor plates to create feedback that generates a code.
For the iPhone 5S, fingerprint ridges cause tiny plates to contact and close a circuit and generating current. Apple's software reads the energy of each cell to select which one is under a ridge and which is under a valley.
After the print is read and code is generated, it's sent to Apple's encrypted microprocessor.
An Apple spokesperson addressed widespread concerns about the security of such a feature when commenting to the Wall Street Journal last Wednesday, saying that Apple’s new Touch ID system only stores “fingerprint data,” which remains encrypted within the iPhone’s processor.
It is undetermined if the biometric data is encrypted before being sent to the microprocessor. At this time, Apple is not allowing third-party apps access to the fingerprint scanner's data.
The mood among the hackers behind istouchidhackedyet.com is jovial.
If you haven't been touched by a #hacker #charity, please consider donating to our new cause, cuz #Apple hasn't yet: http://t.co/lWfEwZ4Vk8
— donb (@DonAndrewBailey) September 19, 2013
Featured
Some readers will remeber the Open Kinect Bounty offered by Adafruit Industries in 2010, which offered a $2000 bounty to anyone who could write and release open source drivers for the Microsoft Kinect.
Microsoft was not pleased. From the beginning, Microsoft said it vowed to "work closely with law enforcement and product safety groups to keep Kinect tamper-resistant"
One of the hackers behind the website and bounty drive, Robert David Graham, told ZDNet:
To be clear, the main reason Nick and I are doing this is because we think it's harder than most people think.
ZDNet has reached out to Apple for comment on the istouchidhackedyet.com bounty/hacking contest and we will update this post with Apple's response.
Updated 21:25 PDT to add statement from Mr. Graham.