Crowdfunded Bounty For Hacking iPhone 5S Fingerprint Authentication 148
judgecorp writes "There's more than $13,000 pledged for a crowdfunded bounty for bypassing an iPhone 5S's fingerprint reader. The bounty, set up by a security expert and an exploit reseller, requires entrants to lift prints 'like from a beer mug.' It has a website — IsTouchIDHackedYet — and payments are pledged by tweets using #IsTouchIDHackedYet. One drawback: the scheme appears to rely on trust that sponsors will actually pay up."
Other prizes include whiskey, books, and a bottle of wine.
Re:'like from a beer mug' (Score:5, Informative)
As was explained in the Apple keynote, a capacitive (not optical) sensor is used, which scans sub-epidermal skin layers. So lifting a fingerprint will not work.
Here is an extensive explanation [macworld.com] of the technologies used.
Caimed to death, but not backed up (Score:4, Informative)
What is your source for claiming that the sensor reads a different pattern than the normal fingerprints you leave behind? A capacitive fingerprint reader works by measuring the difference in capacitance between the ridges and valleys of your fingerprint. In the ridges, the distance to the more conductive layers beneath the skin (the sub-dermal layers you've heard about) is greater than in the valleys, which gives these regions higher capacitance. I guess the pattern you get this way could be different from the visible fingerprint if the underside of the skin has a significant, different pattern than the overside, but I have not heard that that is supposed to be the case.
To simplify things a bit, the much touted sub-dermal layers work as a sort of capacitive back-light which highlights the differences in thickness of the fingerprint above it. It is, to the best of my knowledge, simply another way of measuring the same fingerprint we see when we look at our fingers.
Re:Broken on first day (Score:4, Informative)
> How long does it take to etch a PCB (mould) and
> how long does it take for gelatine to cool down
> (finger cast)?
I don't know. How long does it take to use Google and learn that your method won't fucking work? [tuaw.com]