Apple Hackers Rate iPhone 5s Security - InformationWeek




Apple will soon release the iPhone 5s, and hackers plan to test these 6 exploit techniques on the smartphone. Will the fingerprint scanner hold them off?

Can the iPhone 5s -- or its built-in fingerprint scanner -- be hacked?

That's one question on the minds of iOS hackers after Apple CEO Tim Cook this week unveiled the latest version of the iPhone smartphone. The new device includes not only a 64-bit A7 processor but also iOS 7, which features a number of security improvements.

To be clear, the iPhone 5s isn't for sale yet, so few -- if any -- security researchers have gotten their hands on one. But based on product specifications and a healthy dose of guesswork, here are six challenges -- and opportunities -- facing Apple hackers:

1. iOS Security Since iPhone 4s: Tough To Crack

Where smartphones are concerned, recent generations of the iPhone are quite secure, provided they've been correctly configured. "A powered-off iPhone 4s or later with a complex passcode is a freaking vault," tweeted security researcher Dino Dai Zovi, CTO at Trail of Bits and co-author of iOS Hacker's Handbook. "Apple did very well w/ passcodes + on-chip crypto."


2. Security Improvement: 64 Bits

Apple's switch to a 64-bit processor for the iPhone 5s will also have security repercussions, not least for jailbreakers, who combine exploits against various iPhone bugs to gain root access to the devices. "Best part about everyone switching to 64bit ARM, it'll likely invalidate heaps of stockpiled 0days," tweeted the Grugq, a Bangkok-based broker between bug buyers and sellers.

But frustrating current zero-day vulnerability seekers will likely be only a short-term scenario. According to a related Reddit discussion, for example, "since the new iPhone 5s has a different type of chip, it will probably have new, specific bugs and possible exploits in [its] kernel / bootrom / software."

3. Screen Grab: Lifting Fingerprints

One potential -- and potentially elegant -- attack against the fingerprint reader would be to retrieve a user's fingerprint from the touchscreen and repurpose it to unlock the phone, in what's been dubbed a potential "phish finger" attack.

"The first thing I would try would be attacks against the thumbprint reader, like try and take prints from elsewhere on the phone and figure out how to replay those to the sensor to log in to the person's phone without having them around," Zovi told CNN. Another potential attack might be launched against the software used to digitize the thumb image.

Latest-generation fingerprint readers include "vitality" checks -- meaning the RF signal interacts with a finger below the skin layer and works only with "live digits." But reportedly this can also be spoofed. "The capacitance technology is relatively easy to defeat -- it's just a 'dumb' sensor detecting the appropriate Farad change," said Richard Henderson, security strategist and threat researcher for Fortinet's FortiGuard Labs, via email.

4. Biometric Data Secreted In A7 Processor

What about simply grabbing the stored fingerprint scan directly from processor memory and using that to spoof a user? In fact, directly accessing the biometric data could prove difficult: the A7 processor in the iPhone 5s includes a tailor-made area called Secure Enclave, which is designed to encrypt the fingerprint scans made by the device. As a result, the encrypted information reportedly can only be retrieved directly from the processor and can't be exported off of the device.

Despite that secure storage, Trail of Bits' Zovi recommended that security-conscious iPhone 5s users not rely on Touch ID until security researchers have had a chance to give it a full shakedown. "Until I know how data protection is keyed from Touch ID, I'm still recommending complex passcodes," he said.

But for any user who's currently not using a passcode on their phone -- perhaps Yahoo CEO Marissa Mayer, who earlier this week revealed that she doesn't lock her smartphone with a passcode -- Zovi emphasized that using Touch ID is better than nothing at all. "Half of iPhone users don't even enable a four-digit passcode," he said. "If Touch ID makes more people use passcodes and data protection, it's a win."

5. Biometric Security Backup

Complicating matters further for would-be biometric attackers, Touch ID isn't an all-or-nothing proposition. To use Touch ID, you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (for example, in the case of a full battery drain) or hasn't been unlocked for 48 hours, according to an anonymous post to Quora about Apple's new Secure Enclave. "This is a genius feature that is meant to set a time limit for criminals if they try to find a way to circumvent the fingerprint scanner," the post read.

6. Enterprise Environments: Will Fingerprints Count?

But will business users tap Touch ID? Adoption may be complicated if fingerprints don't pass enterprise muster. As one network operations specialist and InformationWeek reader pointed out in an email, where biometrics fall down is Exchange compatibility. "Those systems with security policies in place to require a passcode on the mobile device will find the fingerprint reader is not compatible with Exchange EAS," he said. "Users will have to use a PIN anyway, much the same way swipe unlock is not supported on Android devices."

User Rank: Author
9/14/2013 | 12:21:44 PM
re: Apple Hackers Rate iPhone 5s Security
Mat, can you clarify the Exchange compatibility issue? Thanks
David F. Carr,
User Rank: Author
9/13/2013 | 7:13:24 PM
re: Apple Hackers Rate iPhone 5s Security
Is using the fingerprint scanner optional? I wonder if consumers will trust the technology. I know my wife used to have trouble with the fingerprint scanners at Disney never reading her fingerprint the same way twice, making the tech less of a convenience.