Website offers bounty for iPhone 5S hack

Nothing tempts hackers quite like a high-profile new target.
Nothing tempts hackers quite like a high-profile new target.

 

Nothing tempts hackers quite like a high-profile new target.

A website is offering a bounty of more than $16,000 in cash and other prizes for the first person to successfully hack the Touch ID fingerprint sensor on the new iPhone 5S.

The site, IsTouchIDHackedYet, was created by Nick DePetrillo, an independent computer-security researcher known for demonstrating hacks of smartphones, and Robert David Graham, owner of Errata Security, a cybersecurity firm. It invites donors to contribute to the bounty, which so far includes an assortment of cash, bitcoins (a form of digital currency), several bottles of booze and “a dirty sex book.”

“The whole point of #istouchidhackedyet was to put up or shut up with regards to criticisms of Apple’s Touch ID security and implementation,” DePetrillo said Saturday on Twitter.

“I personally believe (for once) a company has implemented a unique feature (Touch ID) in a reasonably secure way,” he added in another tweet.

A successful hack of the phone had not been announced as of Sunday morning.

The iPhone 5S, which went on sale Friday, has a fingerprint sensor in its Home button for added security. Apple calls the new security system Touch ID. Phone owners must “register” their print with the device, after which they can unlock the phone by placing a finger or thumb on the button. Other users’ fingerprints will not unlock the phone, which protects it from thieves.

How secure is your iPhone 5S fingerprint?

According to terms DePetrillo posted on Twitter, to collect the bounty a hacker must lift a fingerprint from the phone or elsewhere and reproduce it in such a way that will allow them to unlock an iPhone 5S in less than five tries. All the steps must be documented on video.

The Touch ID system is meant for human fingerprints, of course, but it apparently works with animals, too. A Minnesota man posted a video Friday to CNN iReport that showed him using the paw of his pet Chihuahua to unlock his new iPhone.

DePetrillo and Graham are so-called “white hat” hackers who investigate and expose security holes that have yet to be plugged by makers of new computer systems. Tech companies generally appreciate being alerted to such security issues, which they can then patch before users’ personal information is compromised.

Apple did not immediately respond to a request from CNN for comment.

http://www.cnn.com/2013/09/22/tech/mobile/iphone-5s-hack-bounty/index.html

Advertisements

About Gregory D Evans

Gregory Evans is one of the worlds greatest security consultants. Go to http://GregoryDEvans.com for more details.
This entry was posted in Cell phone security and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s