For every new security innovation, it’s only a matter of time until hackers find a way around it.
So it goes with Apple’s new Touch ID fingerprint sensor in the iPhone 5S. Many reviewers have heralded it as the first simple and effective biometric security mechanism in a consumer gadget — but hackers are already gearing up to crack it.
Security researchers Nick Depetrillo and Robert David Graham yesterday launched IsTouchIDHackedYet.com, an effort to crowdsource a reward for the first person to effectively hack the new fingerprint sensor, reports Forbes.
At the time of this post, dozens of Twitter users have committed more than $3,200 to the effort, as well as alcohol, “a dirty sex book” (of course, it’s from sex and technology writer Violet Blue), and Bitcoins. Right now the whole operation is as informal as it gets: The pair are accepting pledges through Twitter messages with the hashtag #istouchidhackedyet, and Depetrillo says he’ll track down people who don’t pay up.
More so than proving Apple wrong, Depetrillo tells Forbes’ Andy Greenberg that he wants to show the world how difficult it will be to crack Apple’s Touch ID. “Basically people criticized the TouchId sensor as being insecure, thinking it was a typical fingerprint sensor from five years ago,” he wrote to Greenberg. “In reality it’s a lot harder, and I was part of a vocal minority of security researchers who argued Apple did a good job.”
Apple isn’t the first company to offer fingerprint-based biometric security — IBM and Lenovo have offered it in some Thinkpad laptops for years, and Motorola also had one in the original Atrix Android phone — but it’s the first to offer such a method as the main security method for a flagship product. The company has likely tested against some fingerprint spoofing techniques, like using silly putty or gelatin. Apple has also said that the Touch ID will require a live finger to function.