backtop


Print 28 comment(s) - last by Mitch101.. on Sep 23 at 1:26 PM


  (Source: CNET)
But is the phone's highest profile feature vulnerable to hacking?

Apple, Inc.'s (AAPL) iPhone 5S launched today on Friday, Sept. 20, 2013, ten days after it was announced. And despite a lukewarm reception by media commentators and financial analysts, many of the iPhone faithful showed their support completing their now annual trek to camp, squat, or otherwise line up outside Apple stores across the country -- and around the world.

I. Annual Campouts Continue for Apple's Faithful Fans 

The Eaton Center, the biggest mall in downtown Toronto, Ontario, Canada saw hundreds of fans flock to the local Apple boutique, hoping to snag a new iPhone -- particularly the much desired, but rare gold-tinted iPhone 5S.
The line at the New York City store set a new record, while both the NYC and San Francisco stores sold out of their small stock of gold iPhone 5Ss.

iPhone 5S
No this isn't San Francisco's homeless population, it's Apple's unshowered fans.
[Image Source: Apple Insider]

Apple's executives showed up at stores in California in the early A.M. to greet fans.  CEO Tim Cook showed up to greet a line of over 230 fans in Palo Alton, Calif.: Eddy Cue (Apple's internet software and services VP) and Phil Schiller (worldwide marketing VP) were also on hand at the Stanford University's local Apple store: Clearly criticism aside, many Apple fans are still more than happy with the company's new device.

II. Hackers Hope to Break Fingerprint Sensor Protection

Another breaking story on Friday was a discussion on the security of the star feature of the iPhone 5S -- its fingerprint sensor.  While fingerprint sensing technology is nothing new or novel, Apple is looking to mainstream the technology for smartphones (The fingerprint sensor can only be used with dry fingers).

Apple claims that its data shows that nearly half of users don't password lock their phones, because they feel it takes too much effort.  At the iPhone 5S launch event ten days ago Apple executives lofted the iPhone 5S's in-button fingerprint sensor -- a smartphone industry first -- as a solution to this "problem".

iPhone 5S sensor
The iPhone 5S's sensor is secured by direct connections to the A7 SoC. [Image Source: Apple]

Apple bragged that the new sensor was ultra-secure, basically uncrackable.  Indeed the sensor features impressive security features.  The imaging sensor is protected by the laser-cut sapphire of the button head.  Intermnally it hooks up directly to a special portion of Apple's A7 system on a chip, which stores the fingerprint of the owner, encrypted, in embedded memory.

It seems like the iPhone is thus nearly impervious to digital attacks, short of disassembling the phone and tapping the lines to the fingerprint sensor.

But hackers are convinced the new security feature can be compromised.  A new URL asks a simple question that's exciting the iPhone hacking community: IsTouchIDHackedYet.com.  The site says the current answer is:

No! ...but the following have offered a reward to the first person who can reliably and repeatedly break into an iPhone 5s by lifting prints (like from a beer mug).

The site follows with a bounty list offered up by various contributors that range from $10,000 USD in cash (from I/O Capital Partners), Bitcoins, a free patent application on the hack (from Cipher Law), to  "$100, a dirty sex book, and a bottle of Bulleit Bourbon" from Violet Blue, a sex advice/erotica columnist for CNETZDNet, CBS Corp. (CBS), and (formerly) BoingBoing.
 

iPhone 5S
 
Given the difficulty of attacking the specialist circuit on the A7 SoC, as the above post states, hackers are directing their early efforts towards physical attacks on the sensor.  They hope to use fake fingerprints to spoof it, similar to how hackers have spoofed laptop-unlocking facial recognition software with manipulated pictures of the target user.

Charlie Miller, the most famous Apple device hacker whose name isn't "Hotz", says that he expects the sensor may be compromised in two weeks or less.  Mr. Miller, who works at Twitter now, respectfully declined to join the race to find an exploit for the sensor.

III. iOS  7 Exploits Kick Off With Control Center Bug

Arturas Rosenbacher, founding partner of Chicago's IO Capital, tells Reuters that the competition isn't looking to create exploits that could harm iPhone users.  Rather, he says that the competition is design to protect users against a false sense of security regarding a feature that might be less secure than Apple says.

He explains, "This is to fix a problem before it becomes a problem.  This will make things safer."

After a two tours of duty in Iraq with the U.S. Military, cyber-security analyst David Kennedy is among the users vying for the fingerprint sensor prize.  Mr. Kennedy, who has a security consulting firm TrustedSec LLC and organizes the DerbyCon hacker convention, comments, "I am just waiting to get my hands on it to figure out how to get around it first.  I'll be up all night trying."

But for now a far simpler exploit is grabbing headlines.  Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands, discovered a very simple vulnerability to unlock a password or fingerprint sensor locked iOS 7 device.  He showed off this simple vulnerability involving the new "control center" in a YouTube video post:


Apple has acknowledge the flaw breaks iOS 7 device security, and promised to roll out a patch shortly.

Sources: Twitter, Reuters, YouTube



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: This site...
By Solandri on 9/21/2013 5:52:35 PM , Rating: 3
I think it's partly a backlash against the pro-Apple bias in the general media.

For example, for years we constantly heard about how the iPad dominated tablet sales, over and over, even though everyone already knew it. In 2012 I saw signs of that changing in raw sales figures being released by market data analysis companies. The media stories never mentioned it, I just happened to notice it in the raw sales data being quoted while they were talking about other numbers in the data which supported Apple. Quarter by quarter, Apple's share slipped from 95% to 90% to 80% to 65%. A pretty clear trend which if extrapolated would put Apple's share below 50% in 2013. But none of the media mentioned it. In fact their early predictions look rather ludicrous when compared to what's actually happened (e.g. Apple's tablet share to drop to 47% in 2015). Apple fans were similarly misled by that pro-Apple media bias, including one proponent here predicting 100 million iPad sales in 2013.
http://techcrunch.com/2011/04/11/chart-apples-tabl...

Finally in 2013 the iPad's share dropped below 50% (below 40% actually) and there was a brief flurry of stories about it. Since then, nothing. Instead of crowing about how Android dominates tablet sales like they used to crow for Apple, the media just says nothing. (My own theory is that Apple promised the publishing companies DRM if they distributed electronic versions of their publications on the iPad. So the media wanted the iPad to dominate and always pitched it in their stories to try to help it. Now that the tablet numbers have shifted to Android and their strategy has failed, they don't want to talk about it anymore.)


RE: This site...
By amanojaku on 9/22/2013 3:59:08 PM , Rating: 2
Agreed, although I'm reluctant to take your stand on the DRM issue. I like facts, and so far, there aren't any. You DID say it's a theory, however.

I would add that the "Apple vs. Everyone Else" issue is due to double standards. Apple claimed that a smartphone didn't need a large screen and a tablets didn't need a small screen, and the world laughed at large Android phones and small Android tablets. Then, Apple makes a larger phone and a smaller tablet, and they're "revolutionary".

Apple produces a phone with a 64-bit CPU and it's "revolutionary" again. Samsung announces that it will produce a phone in the future with a 64-bit CPU, and it's a "copy cat". Never mind the fact that device manufacturers have been working with ARM on 64-bit CPUs since 2011 (Applied Micro's X-Gene, Nvidia's Denver). Apple simply introduced it's smartphone variant first. And if Samsung hadn't announced it's plans, it would have been criticized for not being "innovative". It doesn't matter that ARM didn't even produce a working 64-bit architecture until October 2012, or that Samsung is the company that actually manufactures Apple's CPU...

Which brings up the next double standard: Apple doesn't make anything. It is an INTEGRATOR. It's screens come from Samsung, LG and Sharp. It's CPUs come from ARM and Samsung. It's M7 coprocessor is sourced from NXP Semiconductors, from an ARM Cortex M3. The NAND flash comes from Hynix. DRAM comes from Samsung. Other chips come from Cirrus Logic, Dialog Semiconductor, Broadcom, Qualcomm, Texas Instruments, Avago, Skyworks, and TriQuint. The camera comes from Sony. iOS came from FreeBSD and Mach. It's new TouchID came from the AuthenTec acquisition. It's multitouch implementation came from the FingerWorks acquisition. And all of that is put together by Foxconn...

I don't expect the pro-Apple crowd to understand any of this, or care. The group isn't technically inclined, and shows a disdain for anything technical. It wants candy-colored interfaces on top of a black box. It doesn't realize that the performance gains from the new CPUs are largely due to a smaller manufacturing process (28nm from 32nm), reduced instruction set (removal of Thumb), and improved memory bandwidth and latency (LPDDR3 support). It doesn't understand that buying someone else's technology is not the same as developing it in-house. And it certainly doesn't care that Apple has lied about its "accomplishments" while smearing other companies'.

Apple does a great job integrating. HTC, LG, Microsoft/Nokia, Samsung, and all the companies Apple has purchased, they're the true innovators.


"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki