Crowdfunded Bounty For Hacking iPhone 5S Fingerprint Authentication

← Back to Stories (view on slashdot.org)

Crowdfunded Bounty For Hacking iPhone 5S Fingerprint Authentication

Posted by Unknown on Thursday September 19, 2013 @06:09AM from the good-luck-with-that dept.

judgecorp writes "There's more than $13,000 pledged for a crowdfunded bounty for bypassing an iPhone 5S's fingerprint reader. The bounty, set up by a security expert and an exploit reseller, requires entrants to lift prints 'like from a beer mug.' It has a website — IsTouchIDHackedYet — and payments are pledged by tweets using #IsTouchIDHackedYet. One drawback: the scheme appears to rely on trust that sponsors will actually pay up." Other prizes include whiskey, books, and a bottle of wine.

23 of 148 comments (clear)

Min score:

Reason:

Sort:

Why bother. by stewsters · 2013-09-19 06:13 · Score: 2, Funny

With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.
1. Re:Why bother. by alen · 2013-09-19 06:16 · Score: 5, Funny
  
  if you live close to a wal mart chances are your victim will have a gun and can defend him or herself
2. Re:Why bother. by ShanghaiBill · 2013-09-19 06:36 · Score: 2
  
  With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.
  Nope. The iPhone, like most modern fingerprint scanners, requires a pulse. A severed finger won't work.
3. Re:Why bother. by stewsters · 2013-09-19 06:42 · Score: 2
  
  Doesn't matter. if you tell the person you are going to chop off their finger and have a machete on hand to do it, they most likely will want to reset their password for you.
4. Re:Why bother. by ackthpt · 2013-09-19 06:52 · Score: 2
  
  With a $10 Walmart machete from the camping aisle, you can "Hack" off the key for yourself.
  Nope. The iPhone, like most modern fingerprint scanners, requires a pulse. A severed finger won't work.
  Arr, ye be only needin' a batt'ry and wires fer ye pulse o' a sev'red finger, matey. ox)P-)
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
5. Re:Why bother. by CastrTroy · 2013-09-19 06:55 · Score: 3, Interesting
  
  Personally, living in Canada, I wish they would stop coming up with inventions that don't work in the winter. First, it's capacitive touch screens that won't work with regular gloves. Now we have special gloves with a special material on the fingertips so that you can use your tablet/phone with gloves. Then there's eBook readers, which advertise as being still readable in sunlight, but if the screen gets too cold, they don't refresh properly. Now they have fingerprint readers on the phone. So I have to take my gloves off, just to make a phone call. I'm tired of my hands getting cold!
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
6. Re:Why bother. by geek · 2013-09-19 06:55 · Score: 2
  
  Yes, and if you hold a gun to their head and make them do things you'll have broken their security. Seriously? Apple is damned if they do and damned if they don't with people like you.
  Yes people may force their victims to do this, no it's not likely to be common. The point of the finger print reader isn't to somehow, mystically prevent an armed robber from getting into your shit. Its to keep purse snatchers and pick pockets from getting in as well as keeping it moderately secure should you forget it at a bar or airport.
7. Re:Why bother. by noh8rz10 · 2013-09-19 06:58 · Score: 2
  
  why don't you get those gloves that don't have fingers, or take a glove and cut off one finger?
8. Re:Why bother. by hondo77 · 2013-09-19 07:05 · Score: 5, Insightful
  
  What part of "Designed by Apple in California" don't you understand? :-)
  
  --
  I live ze unknown. I love ze unknown. I am ze unknown.
9. Re:Why bother. by i_ate_god · 2013-09-19 07:14 · Score: 4, Funny
  
  Walmarts exist in Canada too
  But then again you wouldn't expect a Canadian to do such a brazen hack. Rather the Canadian would ask the other Canadian politely if they could use their phone, then quickly hop on their moose and ride off with it.
  
  --
  I'm god, but it's a bit of a drag really...
10. Re:Why bother. by mlts · 2013-09-19 07:14 · Score: 2
  
  I wonder when devices will start having a duress code where if swiped one way, the device opens normally. Swiped another way, device opens, but yet calls the local popo and reports a holdup in progress.
  Even my 13 year old house alarm has that.
11. Re:Why bother. by Kielistic · 2013-09-19 07:27 · Score: 2
  
  You underestimate how cold it is in some places / times. Some times you want full-on mittens because gloves of any kind are too cold.
12. Re:Why bother. by Kielistic · 2013-09-19 08:27 · Score: 3, Interesting
  
  Holes are known for their efficiency at losing heat. If frostbite is a concern do not poke holes in your insulation!
'like from a beer mug' by Culture20 · 2013-09-19 06:14 · Score: 2, Insightful

Or from the iPhone itself.
1. Re:'like from a beer mug' by De+Lemming · 2013-09-19 06:29 · Score: 4, Informative
  
  As was explained in the Apple keynote, a capacitive (not optical) sensor is used, which scans sub-epidermal skin layers. So lifting a fingerprint will not work.
  Here is an extensive explanation of the technologies used.
2. Re:'like from a beer mug' by chihowa · 2013-09-19 07:04 · Score: 5, Interesting
  
  That's not an extensive explanation of how the technology works. The only description of how the sensor works from that article is this:
  
  A capacitance fingerprint reader leverages a handy property of your skin: The outer layer of your skin (your dermis), where your fingerprint is, is non-conductive, while the subdermal layer behind it is conductive. When you touch the iPhone’s fingerprint sensor, it measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, and it uses those measurements to form an image..
  
  So it's still measuring your fingerprint as made up of ridges and troughs, just using conduction instead of optics. So you lift a fingerprint from a glass, etch it onto a conductive substrate (that matches the dermis roughly) and put it on the sensor.
  The sensor is likely looking at a fairly wide range of relative conduction between the ridges and troughs, so that it will work if your fingers are oily or sweaty or cold, so you wouldn't need to perfectly match the conduction of the user's actual finger.
  
  --
  If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Re:Morons by phantomfive · 2013-09-19 06:22 · Score: 2

Apple has already pointed out that the fingerprint sensor will deliver a false-positive approximately 1 time in 50,000
Presumably they are going to require repeatable results....

--
"First they came for the slanderers and i said nothing."
Re:You can just enter the passcode. by maccodemonkey · 2013-09-19 06:35 · Score: 4, Funny

Didn't these clowns watch the keynote?
-jcr
I am totally shocked someone in the tech industry would launch a project without fully understanding the original problem. SHOCKED I SAY.
Re:Broken on first day by ShanghaiBill · 2013-09-19 06:52 · Score: 3, Insightful

How long does it take to etch a PCB (mould) and how long does it take for gelatine to cool down (finger cast)? (The method that Mythbusters used)
The Mythbusters episode was from 2006, and was done on a sensor that was even older. Technology improves. In a decade, it can improve a lot. Their technique would almost certainly not work today. Apple's sensor requires a pulse, and detects deep skin layers that do not show up on a lifted fingerprint.
Caimed to death, but not backed up by amaurea · 2013-09-19 07:23 · Score: 3, Informative

What is your source for claiming that the sensor reads a different pattern than the normal fingerprints you leave behind? A capacitive fingerprint reader works by measuring the difference in capacitance between the ridges and valleys of your fingerprint. In the ridges, the distance to the more conductive layers beneath the skin (the sub-dermal layers you've heard about) is greater than in the valleys, which gives these regions higher capacitance. I guess the pattern you get this way could be different from the visible fingerprint if the underside of the skin has a significant, different pattern than the overside, but I have not heard that that is supposed to be the case.
To simplify things a bit, the much touted sub-dermal layers work as a sort of capacitive back-light which highlights the differences in thickness of the fingerprint above it. It is, to the best of my knowledge, simply another way of measuring the same fingerprint we see when we look at our fingers.
Re:Broken on first day by sootman · 2013-09-19 08:16 · Score: 3, Informative

> How long does it take to etch a PCB (mould) and
> how long does it take for gelatine to cool down
> (finger cast)?
I don't know. How long does it take to use Google and learn that your method won't fucking work?

--
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Re:Citation does not back up your claim by chihowa · 2013-09-19 13:51 · Score: 2

Here's your reference. It's reading a plain old fingerprint.

--
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Why lock a phone? by kubajz · 2013-09-19 19:56 · Score: 2

Assuming that you protect your phone from the random thief, I would recommend installing a tracing app and leaving the phone unlocked - a locked phone will just encourage the thief to hard reset it or turn it off immediately. Same with a laptop - I had some tracing software installed but unfortunately I forgot to enable the guest account so the thief could not use the laptop... and therefore never gave me a chance to locate it.