Hacker group offering unusual reward for breaking iOS authentication
A group in German claims to have successfully worked around Apple's new Touch ID biometric system, albeit using an extremely elaborate system to do so, involving a high-resolution lifted fingerprint and creating a "fake finger" that mimics a real one that has the lifted fingerprint printed onto latex milk or wood glue and then applied -- and of course physical access to the iPhone that utilizes that particular fingerprint. A different hacker group is offering a reward for such a solution, including cash, Bitcoins, liquor and books as a reward.
Passcode still required as fallback, used if finger not ID'd within 48 hours
More details have emerged about Apple's Touch ID system, built into the home button of the forthcoming iPhone 5s. The company has confirmed that the devices doesn't store an actual image of the user's fingerprints, for example, and further revealed that a basic passcode is required to be set up as a fallback before users can set up one or more fingerprints that can be used to unlock the iPhone 5s or make iTunes Store purchases. The ID data, as the company said on Tuesday, remains locally-stored and encrypted.
Security feature will be left out of cheaper iPhone 5C, paper says
On the eve of Apple's announcement of new iPhones, the Wall Street Journal is reporting that the long-rumored home button fingerprint scanner will become a feature of the iPhone 5S, the company's next model of premium smartphone. The fingerprint sensor will likely be used in addition to standard security measures such as PIN numbers or passcodes, but add a significant extra layer of security which could push e-commerce, banking and other high-security applications forward, in addition to making iPhones less valuable to thieves.
Apple-owned Authentec's software at fault, exploit available
Several PC security firms have independently verified a weakness in Authentek's UPEK Protector Suite that allows hostile users with physical control of a machine to rapidly recover Windows account passwords. The software is pre-installed in Windows-based PCs by makers including Dell, Gateway, NEC, Samsung, Sony, and Toshiba. An open-source exploit of the flaw has been released by a pair of security researchers so that paid intrusion testers can exploit the weakness.