Nick DePetrillo is putting his money where his mouth is. As people debated online the feasibility of hacking the fingerprint sensor on the yet-to-be-released iPhone 5S, he decided to do one better: The security researcher sent out a tweet offering $100 to the first person with video evidence of lifting and reproducing a fingerprint to unlock the new iPhone. That simple message sent Wednesday night has resulted in many others chipping in–dollars, Bitcoin, wine–resulting in a cumulative bounty of more than $13,000 at the time of this post.
“Nothing is 100% hackproof. Nothing is 100% secure,” DePetrillo told Fast Company. “I’m just arguing from what I believe that the company has done a very good job implementing Touch ID. Everyone in the industry is criticizing the sensor even before the actual phone is released.”
When Apple debuted the iPhone 5S, people immediately began voicing concerns about hacking and NSA spying with the Touch ID fingerprint sensor. The Cupertino company attempted to reassure consumers by telling them prints were stored locally within the A7 chip–not on Apple’s servers or backed up to iCloud. But much of the attention now is focused on lifting and replicating prints to unlock the phone. (And, as it turns out, it’s not just human prints that work with Touch ID.)
“People are debating how easy it is to defeat Touch ID,” he said. “What I argued along with some other security researchers is it’s not going to be so trivial. It wouldn’t be so easy to deceive this fingerprint sensor.”
The attention DePetrillo received led him to enlist the help of friend and fellow security expert Robert Graham to build the website istouchidhackedyet.com. DePetrillo emphasizes all pledges are based on the honor system.
“I’m not the curator of some official contest,” he said. “I have a job. My job is not to run a bounty program for Apple. No one has to play this contest. No one has to claim this prize. It’s all unofficial.” Though DePetrillo says he will send $100 via PayPal to the first person who can demonstrate foiling Touch ID, it will be up to the hacker to collect the rest of the total amount pledged.
[Image: Flickr user Martin Cathrae]