Vulnerability Management

Apple’s latest challenges include crowd-funded Touch ID hacking and iOS 7 issues

Has Apple's Touch ID been hacked yet? Security researchers Nick Depetrillo and Robert David Graham recently launched a website to answer that very question.

Right now the answer is: No. The iPhone 5s – the first Apple product to feature authentication via fingerprint scan – does not release until Friday, but you can bet that day-one owners will be picking the device apart quickly now that a crowd-funded project has gained some steam.

Along with the pride and glory that comes with being the first to dismantle Apple's latest security feature, technophiles will be vying for a prize that currently stands at nearly $20,000 in cash and prizes, courtesy of donations by researchers, security groups, businesses and more.

“I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100,” Depetrillo tweeted on Wednesday. Ten minutes later he followed it up with: “[S]atisfactory video evidence of the print enrollment, lift, reproduction and successful application of the print without locking out will do.”

The cash pot filled steadily through Thursday, but spiked following a pledge of $10,000 from I/O Capital Partners, a venture capital firm with one focus on developing mobile applications.

“When we first got word of the fingerprint scanner, all of us took a big breath,” Arturas Rosenbacher, a founding partner of I/O Capital Partners, told SCMagazine.com on Thursday. “Having it on the iPhone, that's a whole new ballpark for security. But is it actually more security, or is it just a false sense of security? What good is the sensor if you can just pull a print right off of it?”

Another idea behind I/O Capital Partners offering up such a sizable donation is so users are encouraged to find flaws before the technology – which Apple will also use to authenticate purchases on the device through iTunes and the App Store – starts gaining momentum in other markets, Rosenbacher said.

The problem is that fingerprints are forever. Whereas credit cards, bank accounts and phone numbers can all be changed, Rosenbacher said it would present a serious problem if criminals found a way to reproduce fingerprints. “A fingerprint is one of the most valuable things, along with DNA,” he said. 

It is not a matter of whether the Touch ID will be hacked, it is a matter of when, according to Rosenbacher, who admitted he didn't know if it would happen next week or next year. He said he has spoken to several researchers and security experts recently who are all itching to take on the challenge.

Regarding the crowd-funded project, an Apple spokesperson did not immediately reply to a query from SCMagazine.com.

If the technology giant does not have enough on its plate in preparing for the Friday release of the iPhone 5s and iPhone 5c, it also will have to address numerous complaints about a variety of issues with iOS 7, which was released on Wednesday.

The chief flaw right now has to do with the easy deactivation of ‘Find My iPhone' or ‘Find My iPad' – apps that owners keep active to track their devices in the event it is stolen or goes missing.

All a person has to do is turn on airplane mode, which can be done via Siri or in the Control Center, a feature new to iOS 7. Both of these options are available while the device is locked, and since it will disable mobile and Wi-Fi features, that means 'Find My' apps are toast. This could not be done in iOS 6.

Several have already commented that a person has always been able to prevent the ‘Find My' apps from working by just removing the SIM card on the device, but doing it via airplane mode makes it even simpler and Apple has yet to publicly address it.

Quick adopters of iOS 7 have been pretty vocal about a vast bevy of other problems too, including lengthy download and install times for the new operating system, downloads and installs ending prematurely due to error, iTunes sync issues, battery life draining faster, keyboard lag and even problems recognizing SIM cards.

Conversely, iOS 7 fixes more than 80 flaws still existing in versions of iOS 6, including a vulnerability that involves malware being installed to iPhones when plugged into a compromised charger.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.