iPhone Fingerprint Hack Contest Dangles $18,000

Crowd-funded effort also promises erotica, bourbon, bitcoins and whiskey to the first person who can successfully bypass the iPhone 5s Touch ID fingerprint reader.

Mathew J. Schwartz, Contributor

September 20, 2013

3 Min Read
InformationWeek logo in a gray background | InformationWeek

9 Android Apps To Improve Security, Privacy

9 Android Apps To Improve Security, Privacy


9 Android Apps To Improve Security, Privacy (click image for larger view)

Cryptographers, security researchers, entrepreneurs and at least one journalist and vulnerability broker have been pooling their resources to offer a reward to the first person who manages to successfully fool the Touch ID biometric fingertip scanner built into the new iPhone 5s and unlock.

The Touch ID hacking bounty, first reported by ZDNet, was kicked off following a Wednesday conversation between security researchers Don Bailey and Nick DePetrillo, which resulted in DePetrillo making the following offer via Twitter: "I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100."

"All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print," he said. "I'll put money on this."

In short order he did put money on it, and was soon joined by others. According to the IsTouchIDHackedYet? website that he set up with network IPS pioneer and Errata Security CEO Robert David Graham to track the bids, pledgers have included John Hopkins cryptography professor Matthew Green, the Bangkok-based vulnerability seller known as the GrugQ, as well as Arturas Rosenbacher of IO Capital, who Thursday sweetened the pot by $10,000.

[ Guard your smartphone in these cities: Chicago Leads In Smartphone Thefts. ]

By Friday morning, 82 people had been recorded as collectively promising erotica, wine, bourbon, bitcoins and Scottish whisky, as well as cold, hard cash -- nearly $19,000, including the value of bitcoins and euros pledged -- to the winner. The organizers promised to continue watching for related pledges on Twitter.

The popularity of the Touch ID hacking contest seemed to take the organizers by surprise. "Our unofficial internet contest that's based entirely on honor system pledges to defeat a technology that isn't out yet is hysterical," tweeted DePetrillo, who's a senior security researcher at Crucial Security. "Just think of the hackers whose girlfriends will be neglected while they go after this challenge," he added.

Graham said via Twitter that he was "astonished" at the interest in the contest. But he expressed skepticism that Touch ID can be hacked. "I doubt it will be successful ... which is why I'm betting $100 it won't be successful," he said via Twitter. In the meantime, however, he's already ponied up $70 for the hacking contest domain name and six months of hosting, Threatpost reported.

But finding a way to trick Touch ID isn't the only goal of the effort, co-founder Don Bailey, who's a senior security researcher at iSec Partners, told Threatpost. "We want to get more people aware of the new pieces of hardware functionality coming out," he said. "Because not a lot of people are looking at hardware security, and by doing things like this we get to put a spotlight on security in places where people usually presume it's either too easy or too hard."

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights