9/13/2013
01:55 PM

Apple Hackers Rate iPhone 5s Security

Apple will soon release the iPhone 5s, and hackers plan to test these 6 exploit techniques on the smartphone. Will the fingerprint scanner hold them off?

Can the iPhone 5s -- or its built-in fingerprint scanner -- be hacked?

That's one question on the minds of iOS hackers after Apple CEO Tim Cook this week unveiled the latest version of the iPhone smartphone. The new device includes not only a 64-bit A7 processor but also iOS 7, which features a number of security improvements.

To be clear, the iPhone 5s isn't for sale yet, so few -- if any -- security researchers have gotten their hands on one. But based on product specifications and a healthy dose of guesswork, here are six challenges -- and opportunities -- facing Apple hackers:

1. iOS Security Since iPhone 4s: Tough To Crack

Where smartphones are concerned, recent generations of the iPhone are quite secure, provided they've been correctly configured. "A powered-off iPhone 4s or later with a complex passcode is a freaking vault," tweeted security researcher Dino Dai Zovi, CTO at Trail of Bits and co-author of iOS Hacker's Handbook. "Apple did very well w/ passcodes + on-chip crypto."

2. Security Improvement: 64 Bits

Apple's switch to a 64-bit processor for the iPhone 5s will also have security repercussions, not least for jailbreakers, who combine exploits against various iPhone bugs to gain root access to the devices. "Best part about everyone switching to 64bit ARM, it'll likely invalidate heaps of stockpiled 0days," tweeted the Grugq, a Bangkok-based broker between bug buyers and sellers.

But frustrating current zero-day vulnerability seekers will likely be only a short-term scenario. According to a related Reddit discussion, for example, "since the new iPhone 5s has a different type of chip, it will probably have new, specific bugs and possible exploits in [its] kernel / bootrom / software."

3. Screen Grab: Lifting Fingerprints

One potential -- and potentially elegant -- attack against the fingerprint reader would be to retrieve a user's fingerprint from the touchscreen and repurpose it to unlock the phone, in what's been dubbed a potential "phish finger" attack.

"The first thing I would try would be attacks against the thumbprint reader, like try and take prints from elsewhere on the phone and figure out how to replay those to the sensor to log in to the person's phone without having them around," Zovi told CNN. Another potential attack might be launched against the software used to digitize the thumb image.

Latest-generation fingerprint readers include "vitality" checks -- meaning the RF signal interacts with a finger below the skin layer and works only with "live digits." But reportedly this can also be spoofed. "The capacitance technology is relatively easy to defeat -- it's just a 'dumb' sensor detecting the appropriate Farad change," said Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs, via email.

4. Biometric Data Secreted In A7 Processor

What about simply grabbing the stored fingerprint scan directly from processor memory and using that to spoof a user? In fact, directly accessing the biometric data could prove difficult: the A7 processor in the iPhone 5s includes a tailor-made area called Secure Enclave, which is designed to encrypt the fingerprint scans made by the device. As a result, the encrypted information reportedly can only be retrieved directly from the processor and can't be exported off of the device.

Despite that secure storage, Trail of Bits' Zovi recommended that security-conscious iPhone 5s users not rely on Touch ID until security researchers have had a chance to give it a full shakedown. "Until I know how data protection is keyed from Touch ID, I'm still recommending complex passcodes," he said.

But for any user who's currently not using a passcode on their phone -- perhaps Yahoo CEO Marissa Mayer, who earlier this week revealed that she doesn't lock her smartphone with a passcode -- Zovi emphasized that using Touch ID is better than nothing at all. "Half of iPhone users don't even enable a four-digit passcode," he said. "If Touch ID makes more people use passcodes and data protection, it's a win."

5. Biometric Security Backup

Further complicating matters for would-be biometric attackers is the fact that Touch ID isn't an all-or-nothing proposition. To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (for example, in the case of a full battery drain) or hasn't been unlocked for 48 hours, according to an anonymous post to Quora about Apple's new Secure Enclave. "This is a genius feature that is meant to set a time limit for criminals if they try to find a way to circumvent the fingerprint scanner," the post read.

6. Enterprise Environments: Will Fingerprints Count?

But will business users tap Touch ID? Adoption may be complicated if fingerprints don't pass enterprise muster. As one network operations specialist and InformationWeek reader pointed out in an email, where biometrics fall down is Exchange compatibility. "Those systems with security policies in place to require a passcode on the mobile device will find the fingerprint reader is not compatible with Exchange EAS," he said. "Users will have to use a PIN anyway, much the same way swipe unlock is not supported on Android devices."

Comments
Richard,
User Rank: Apprentice
9/21/2013 | 3:32:10 AM
re: Apple Hackers Rate iPhone 5s Security
melgross - please take a moment or two to watch my videos on my initial attempts to defeat the sensor on Fortinet's blog.

I have gotten the "new" capacitance sensor to recognize a gelatin finger, enroll it, and use it to unlock the phone.

Further, I have been able to get a gelatin finger to be rejected by the phone as an "unrecognized print"... which means my initial comments about the capacitance sensor being "dumb" were correct.

Now as far as getting the phone to unlock with a replicated print of a live finger... well, I'm still hacking away at it. :)
Mathew,
User Rank: Moderator
9/17/2013 | 10:25:22 AM
re: Apple Hackers Rate iPhone 5s Security
No answers yet on the Exchange compatibility question -- we'll need to get our hands on iOS 7 to see how Apple has implemented Exchange ActiveSync. But working with Exchange typically requires a bona fide password. For that reason, as noted by the interviewee, many people report difficulty getting Android swipe unlock to work with Exchange ActiveSync. It remains to be seen if Apple -- or a third party -- will find some way of bridging the password-to-fingerprint gap.
Richard,
User Rank: Apprentice
9/16/2013 | 5:24:46 PM
re: Apple Hackers Rate iPhone 5s Security
For the record, I was referring only to the metal ring around the sensor that detects a finger, not the sensor that reads the print. That *is* a "dumb" sensor that can be defeated.

Also, I counter your statement that the sensor reads the subdermal layer - it does not. It reads the subepidermal layer. There *is* a difference.
melgross,
User Rank: Ninja
9/14/2013 | 2:52:31 PM
re: Apple Hackers Rate iPhone 5s Security
Just goes to show how most posters don't know what they're talking about, or whether they even bother to read the entire article. It seems to even be questionable as to whether they understand the article even if they do read it.

But just as a point of clarification, 3D printers can't print to silicone (it's not silicon). Even if they could (though some VERY expensive new models use a variant), the resolution of 3D printers that aren't priced in the multiple 100's of thousands don't have the 550ppi resolution to be able to print out an accurate fingerprint. And, of course, they can't print out the capacitance patterns, or even know them.
melgross,
User Rank: Ninja
9/14/2013 | 2:50:59 PM
re: Apple Hackers Rate iPhone 5s Security
Yes, it's optional.
melgross,
User Rank: Ninja
9/14/2013 | 2:50:22 PM
re: Apple Hackers Rate iPhone 5s Security
I would just like to say that Mr. Henderson has never attempted to break the security of the new capacitance sensors. And possibly doesn't even understand the way they work. This sensor, at least, doesn't simply detect the overall field of capacitance as does a capacitance touch screen. It reads the capacitance pattern of the sub dermal layer. That's impossible to fake with a simple capacitance.
Laurianne,
User Rank: Author
9/14/2013 | 12:21:44 PM
re: Apple Hackers Rate iPhone 5s Security
Mat, can you clarify the Exchange compatibility issue? Thanks
aaronAshfield,
User Rank: Guru
9/14/2013 | 12:21:08 PM
re: Apple Hackers Rate iPhone 5s Security
Hackers, here is an attack that works:
1- Take a piece of tape
2- Place it on the iPhone button, and take the fingerprint
3- Send it to a 3D printer and print it on silicon
4- Use the silicon finger for access
greatdott!,
User Rank: Apprentice
9/13/2013 | 9:57:27 PM
re: Apple Hackers Rate iPhone 5s Security
Is the fingerprint scanner additive to a passcode in an Exchange EAS environment, or entirely incompatible? That is, can a user also employ the scanner if she is already using an Exchange EAS-compatible passcode?

Your unnamed "network operations specialist"'s quote suggests full incompatibility: "'... the fingerprint reader is not compatible with Exchange EAS,' he said."
David F. Carr,
User Rank: Author
9/13/2013 | 7:13:24 PM
re: Apple Hackers Rate iPhone 5s Security
Is using the fingerprint scanner optional? I wonder if consumers will trust the technology. I know my wife used to have trouble with the fingerprint scanners at Disney never reading her fingerprint the same way twice, making the tech less of a convenience.