Autoplay: ON Autoplay: OFF
Is your iPhone 5S vulnerable?Two days after the iPhone 5S went on sale, the Touch ID feature has been hacked. CNET's Seth Rosenblatt explains how a German group outsmarted the fingerprint scanner and what iPhone owners can do to protect themselves.
-Hello and welcome to Inside Scoop. I'm Sumi Das. Joining me is senior writer for CNET, Seth Rosenblatt. Seth, thanks for being with us. -Hi Sumi. -Okay. So, less than 48 hours after the iPhone 5S went on sale on Friday,-- -Uh-huh. -it's already been hacked or at least a feature of-- -Yes. -a new touch ID feature-- -Yes. -which is where you put your thumb on the home button. -Uh-huh. -It scans it, accesses-- and gives you access to your phone. -Yes. -So, somebody has hacked this. -Yes. -Some Germans. What happened? -Yes. So, a group of-- before the fun was even released to the public on Friday, a couple of security researchers announced that they were going to run a contest to see if they could-- if anybody could hack the touch ID sensor, which will work with any of your fingerprints. -Okay. -And they started off almost in a joking way on Twitter and then it became very serious when they decided that they were going to put up a website and actually start collecting the funds. One law firm offered the put the funds into Escrow and so things got serious pretty quickly and then everything escalated when one person offered $10,000 as part of the reward. They've seen backed down, but, before the end of it, the reward topped $11,000 in various currencies; U.S. dollars, Euros, bit coins. -Some alcohol thrown in there? -People were offering bottles of expensive alcohol and cheap alcohol. -Right. -And there was a book of erotica being thrown in. -Okay. -There was also a patent from the same law firm that was covering the funds in Escrow, a patent application. -Okay. -So, the person who came up with a successful hack would get an opportunity to patent it. -Okay. So, erotica and bottles of alcohol aside, I mean the money gives us this impression that people were taking it seriously-- -Absolutely. -as you said. So, how did they do this? -Yes. So, they wound up transferring a fingerprint and it's not clear from what they transferred it from. So, it's not sure-- we're not sure yet if it was from the iPhone glass itself or from a beer stain or something, but somehow they were able to transfer the fingerprint to a piece of latex-- -Okay. -and then put the latex over a second person's fingertip and then rub it against the home sensor, the home button sensor-- -Okay. -and that unlocked the phone under several videos demonstrating this. We're still waiting for complete phone instructions on how they did it, how they did the fingerprint transfer, but clearly it does work. -Is this surprising that it happened so quickly? -You know, the researchers say that they were surprised, which is interesting. They thought it was going to take longer than it did to-- -Uh-huh. -to hack the sensor and it didn't. But the take away from that, they said, is that, you know, there are always going to be ways to hack security protocol no matter what it is whether it's a pin code, fingerprint sensor, other biometrics, but that there are also ways that you can-- things that you can do to take precautions to protect yourself. -This is, I mean, something that they did. We don't know exactly how they got the original fingerprint,-- -Uh-huh. -the copy of it. So,-- -Right. -it seems like it's not that easy of a hack. It seems like you have to go through some effort to get a picture of somebody's fingerprint. -Uh-huh. -It might be difficult it seems. -It can be. Again, unfortunately, we don't know precisely how the German hacker who pulled off the hack-- -Right. -was able to do this. But even from his vague instructions other people were able to replicate it and then demonstrate that in videos on YouTube. -Uh-huh. So, any response from Apple? -Not yet. -Okay. -Apple's not yet responding. -All right. It will be interesting to see what they say. -Uh-huh. -And what should people do? I have an iPhone 5S. -Uh-huh. -Should I be concerned? I'm actually really am enjoying the touch ID password feature. It's so much faster. -Uh-huh. Absolutely. There's a couple things you could do. One suggestion from the researchers is that you use a finger other than your index finger or your thumb. So, if you use your pinky or your ring finger to unlock the phone, those fingerprints are very hard to lift from other surfaces. They're harder to get complete fingerprints of. So, if you-- if you wanted to continue using it, you want it to be a little bit safer. That's one thing you could do. -All right. So, good information. -Yeah. -Seth, thanks so much. -Thank you. -For Inside Scoop, I'm Sumi Das. Thanks for watching.