Apple Hackers Rate iPhone 5s Security - InformationWeek

Apple will soon release the iPhone 5s, and hackers plan to test these 6 exploit techniques on the smartphone. Will the fingerprint scanner hold them off?

Can the iPhone 5s -- or its built-in fingerprint scanner -- be hacked?

That's one question on the minds of iOS hackers after Apple CEO Tim Cook this week unveiled the latest version of the iPhone smartphone. The new device includes not only a 64-bit A7 processor but also iOS 7, which features a number of security improvements.

To be clear, the iPhone 5s isn't for sale yet, so few -- if any -- security researchers have gotten their hands on one. But based on product specifications and a healthy dose of guesswork, here are six challenges -- and opportunities -- facing Apple hackers:

1. iOS Security Since iPhone 4s: Tough To Crack

Where smartphones are concerned, recent generations of the iPhone are quite secure, provided they've been correctly configured. "A powered-off iPhone 4s or later with a complex passcode is a freaking vault," tweeted security researcher Dino Dai Zovi, CTO at Trail of Bits and co-author of iOS Hacker's Handbook. "Apple did very well w/ passcodes + on-chip crypto."


2. Security Improvement: 64 Bits

Apple's switch to a 64-bit processor for the iPhone 5s will also have security repercussions, not least for jailbreakers, who combine exploits against various iPhone bugs to gain root access to the devices. "Best part about everyone switching to 64bit ARM, it'll likely invalidate heaps of stockpiled 0days," tweeted the Grugq, a Bangkok-based broker between bug buyers and sellers.

But frustrating current zero-day vulnerability seekers will likely be only a short-term scenario. According to a related Reddit discussion, for example, "since the new iPhone 5s has a different type of chip, it will probably have new, specific bugs and possible exploits in [its] kernel / bootrom / software."

3. Screen Grab: Lifting Fingerprints

One potential -- and potentially elegant -- attack against the fingerprint reader would be to retrieve a user's fingerprint from the touchscreen and repurpose it to unlock the phone, in what's been dubbed a potential "phish finger" attack.

"The first thing I would try would be attacks against the thumbprint reader, like try and take prints from elsewhere on the phone and figure out how to replay those to the sensor to log in to the person's phone without having them around," Zovi told CNN. Another potential attack might be launched against the software used to digitize the thumb image.

Latest-generation fingerprint readers include "vitality" checks -- meaning the RF signal interacts with a finger below the skin layer and works only with "live digits." But reportedly this can also be spoofed. "The capacitance technology is relatively easy to defeat -- it's just a 'dumb' sensor detecting the appropriate Farad change," said Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs, via email.

4. Biometric Data Secreted In A7 Processor

What about simply grabbing the stored fingerprint scan directly from processor memory and using that to spoof a user? In fact, directly accessing the biometric data could prove difficult: the A7 processor in the iPhone 5s includes a tailor-made area called Secure Enclave, which is designed to encrypt the fingerprint scans made by the device. As a result, the encrypted information reportedly can only be retrieved directly from the processor and can't be exported off of the device.

Despite that secure storage, Trail of Bits' Zovi recommended that security-conscious iPhone 5s users not rely on Touch ID until security researchers have had a chance to give it a full shakedown. "Until I know how data protection is keyed from Touch ID, I'm still recommending complex passcodes," he said.

But for any user who's currently not using a passcode on their phone -- perhaps Yahoo CEO Marissa Mayer, who earlier this week revealed that she doesn't lock her smartphone with a passcode -- Zovi emphasized that using Touch ID is better than nothing at all. "Half of iPhone users don't even enable a four-digit passcode," he said. "If Touch ID makes more people use passcodes and data protection, it's a win."

5. Biometric Security Backup

Further complicating matters for would-be biometric attackers is the fact that Touch ID isn't an all-or-nothing proposition. To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (for example, in the case of a full battery drain) or hasn't been unlocked for 48 hours, according to an anonymous post to Quora about Apple's new Secure Enclave. "This is a genius feature that is meant to set a time limit for criminals if they try to find a way to circumvent the fingerprint scanner," the post read.

6. Enterprise Environments: Will Fingerprints Count?

But will business users tap Touch ID? Adoption may be complicated if fingerprints don't pass enterprise muster. As one network operations specialist and InformationWeek reader pointed out in an email, where biometrics fall down is Exchange compatibility. "Those systems with security policies in place to require a passcode on the mobile device will find the fingerprint reader is not compatible with Exchange EAS," he said. "Users will have to use a PIN anyway, much the same way swipe unlock is not supported on Android devices."

9/13/2013 | 6:58:58 PM
re: Apple Hackers Rate iPhone 5s Security
Like all things there are good and bad with things offered by the industry for your good or protection. What do you think the corporations along with NSA/government will do with all the biometric data on its citizens? Sure, they'll limit the access. Right. When will that ever be true? And there are no other groups that'll benefit from buying or hacking your info.