
  (Source: CNET)
But is the phone's highest profile feature vulnerable to hacking?

Apple, Inc.'s (AAPL) iPhone 5S launched today, Friday, Sept. 20, 2013, ten days after it was announced. And despite a lukewarm reception by media commentators and financial analysts, many of the iPhone faithful showed their support, completing their now-annual trek to camp, squat, or otherwise line up outside Apple stores across the country -- and around the world.

I. Annual Campouts Continue for Apple's Faithful Fans 

The Eaton Center, the biggest mall in downtown Toronto, Ontario, Canada, saw hundreds of fans flock to the local Apple boutique, hoping to snag a new iPhone -- particularly the much-desired but rare gold-tinted iPhone 5S.
The line at the New York City store set a new record, while both the NYC and San Francisco stores sold out of their small stock of gold iPhone 5Ss.

No, this isn't San Francisco's homeless population, it's Apple's unshowered fans.
[Image Source: Apple Insider]

Apple's executives showed up at stores in California in the early A.M. to greet fans.  CEO Tim Cook showed up to greet a line of over 230 fans in Palo Alto, Calif.  Eddy Cue (Apple's internet software and services VP) and Phil Schiller (worldwide marketing VP) were also on hand at Stanford University's local Apple store.  Clearly, criticism aside, many Apple fans are still more than happy with the company's new device.

II. Hackers Hope to Break Fingerprint Sensor Protection

Another breaking story on Friday was a discussion on the security of the star feature of the iPhone 5S -- its fingerprint sensor.  While fingerprint sensing technology is nothing new or novel, Apple is looking to mainstream the technology for smartphones (The fingerprint sensor can only be used with dry fingers).

Apple claims that its data shows that nearly half of users don't password lock their phones, because they feel it takes too much effort.  At the iPhone 5S launch event ten days ago Apple executives lofted the iPhone 5S's in-button fingerprint sensor -- a smartphone industry first -- as a solution to this "problem".

The iPhone 5S's sensor is secured by direct connections to the A7 SoC. [Image Source: Apple]

Apple bragged that the new sensor was ultra-secure, basically uncrackable.  Indeed, the sensor has impressive security features.  The imaging sensor is protected by the laser-cut sapphire of the button head.  Internally, it hooks up directly to a special portion of Apple's A7 system on a chip, which stores the owner's fingerprint, encrypted, in embedded memory.

It seems like the iPhone is thus nearly impervious to digital attacks, short of disassembling the phone and tapping the lines to the fingerprint sensor.

But hackers are convinced the new security feature can be compromised.  A new URL asks a simple question that's exciting the iPhone hacking community:  The site says the current answer is:

No! ...but the following have offered a reward to the first person who can reliably and repeatedly break into an iPhone 5s by lifting prints (like from a beer mug).

The site follows with a bounty list offered up by various contributors, ranging from $10,000 USD in cash (from I/O Capital Partners), Bitcoins, and a free patent application on the hack (from Cipher Law) to "$100, a dirty sex book, and a bottle of Bulleit Bourbon" from Violet Blue, a sex advice/erotica columnist for CNET, ZDNet, CBS Corp. (CBS), and (formerly) BoingBoing.

Given the difficulty of attacking the specialist circuit on the A7 SoC, as the above post states, hackers are directing their early efforts towards physical attacks on the sensor.  They hope to use fake fingerprints to spoof it, similar to how hackers have spoofed laptop-unlocking facial recognition software with manipulated pictures of the target user.

Charlie Miller, the most famous Apple device hacker whose name isn't "Hotz", says that he expects the sensor may be compromised in two weeks or less.  Mr. Miller, who works at Twitter now, respectfully declined to join the race to find an exploit for the sensor.

III. iOS 7 Exploits Kick Off With Control Center Bug

Arturas Rosenbacher, founding partner of Chicago's IO Capital, tells Reuters that the competition isn't looking to create exploits that could harm iPhone users.  Rather, he says that the competition is designed to protect users against a false sense of security regarding a feature that might be less secure than Apple says.

He explains, "This is to fix a problem before it becomes a problem.  This will make things safer."

After two tours of duty in Iraq with the U.S. Military, cyber-security analyst David Kennedy is among the users vying for the fingerprint sensor prize.  Mr. Kennedy, who runs the security consulting firm TrustedSec LLC and organizes the DerbyCon hacker convention, comments, "I am just waiting to get my hands on it to figure out how to get around it first.  I'll be up all night trying."

But for now a far simpler exploit is grabbing headlines.  Jose Rodriguez, a 36-year-old soldier living in Spain's Canary Islands, discovered a very simple vulnerability that unlocks an iOS 7 device locked by a password or the fingerprint sensor.  He showed off this vulnerability, which involves the new "control center", in a YouTube video post.

Apple has acknowledged that the flaw breaks iOS 7 device security, and promised to roll out a patch shortly.

Sources: Twitter, Reuters, YouTube


RE: This site...
By amanojaku on 9/22/2013 3:59:08 PM , Rating: 2
Agreed, although I'm reluctant to take your stand on the DRM issue. I like facts, and so far, there aren't any. You DID say it's a theory, however.

I would add that the "Apple vs. Everyone Else" issue is due to double standards. Apple claimed that a smartphone didn't need a large screen and a tablet didn't need a small screen, and the world laughed at large Android phones and small Android tablets. Then, Apple makes a larger phone and a smaller tablet, and they're "revolutionary".

Apple produces a phone with a 64-bit CPU and it's "revolutionary" again. Samsung announces that it will produce a phone in the future with a 64-bit CPU, and it's a "copy cat". Never mind the fact that device manufacturers have been working with ARM on 64-bit CPUs since 2011 (Applied Micro's X-Gene, Nvidia's Denver). Apple simply introduced its smartphone variant first. And if Samsung hadn't announced its plans, it would have been criticized for not being "innovative". It doesn't matter that ARM didn't even produce a working 64-bit architecture until October 2012, or that Samsung is the company that actually manufactures Apple's CPU...

Which brings up the next double standard: Apple doesn't make anything. It is an INTEGRATOR. Its screens come from Samsung, LG and Sharp. Its CPUs come from ARM and Samsung. Its M7 coprocessor is sourced from NXP Semiconductors, from an ARM Cortex M3. The NAND flash comes from Hynix. DRAM comes from Samsung. Other chips come from Cirrus Logic, Dialog Semiconductor, Broadcom, Qualcomm, Texas Instruments, Avago, Skyworks, and TriQuint. The camera comes from Sony. iOS came from FreeBSD and Mach. Its new TouchID came from the AuthenTec acquisition. Its multitouch implementation came from the FingerWorks acquisition. And all of that is put together by Foxconn...

I don't expect the pro-Apple crowd to understand any of this, or care. The group isn't technically inclined, and shows a disdain for anything technical. It wants candy-colored interfaces on top of a black box. It doesn't realize that the performance gains from the new CPUs are largely due to a smaller manufacturing process (28nm from 32nm), reduced instruction set (removal of Thumb), and improved memory bandwidth and latency (LPDDR3 support). It doesn't understand that buying someone else's technology is not the same as developing it in-house. And it certainly doesn't care that Apple has lied about its "accomplishments" while smearing other companies'.

Apple does a great job integrating. HTC, LG, Microsoft/Nokia, Samsung, and all the companies Apple has purchased, they're the true innovators.


Copyright 2014 DailyTech LLC.