This iPhone security flaw may give you paws

Yes, your cat can unlock your new iPhone 5s. But millions of Apple faithful will still robotically upgrade to the latest/greatest

Today is the big day. People have been queuing up outside Apple stores since the predawn hours for the chance to exchange their late model Jesus phones for an even newer model. Already, just a few hours in, there are shortages. Apple cannot keep up with the insatiable appetite for iDevices.

In the pantheon of geek holidays, New Apple Phone Day falls somewhere between Pi Day (March 14) and International Talk Like a Pirate Day ('twas yesterday, matey, in case ye missed it). So it's a perfect day to talk about iPhone 5's security -- or lack thereof.

[ For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter and follow Cringely on Twitter. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]

Bad kitty

So far, the iPhone 5s's flashy Touch ID fingerprint scanner has been proven invulnerable to hacking -- unless, of course, you walk on four legs and think that Friskies Seafood Sensations is the cat's meow.

Yesterday, Darrell Etherington posted an 11-second video to TechCrunch showing how a colleague's kitty could unlock the Touch ID fingeprint scanner on the iPhone 5s using a pawprint.

The cat's paw worked, and while it encountered more frequent failures than did a fingerprint, it was able to unlock the phone again repeatedly when positioned correctly on the sensor. Note that no other paw pads would unlock the device, and that cats essentially have unique "fingerprints" just like people, so this doesn't make the Touch ID sensor any less secure.

Before this, Etherington had spent some time registering the feline's paw with Touch ID; technically, it was one of the five authorized users the iPhone 5s allows. This also explains all those Angry Birds apps Etherington found installed on the phone.

In the meantime, we have yet more proof that cats control the tech world.

Clever hackers

The crowdfunded Is Touch ID hacked yet? site is offering a series of bounties for the first person who can break Touch ID security by lifting prints from some other source, like a beer mug. Included among the prizes: Bitcoins of various denominations, cash payouts ranging from $23 to $10,000, assorted bottles of booze, a free patent application, and a "dirty sex book" (but, strangely, no catnip).

The site was created by two hackers whose intent is to show how hard it is to hack Touch ID. Co-founder Nick Depetrillo told Forbes' Andy Greenberg:

Basically people criticized the Touch ID sensor as being insecure, thinking it was a typical fingerprint sensor from five years ago. In reality it's a lot harder, and I was part of a vocal minority of security researchers who argued Apple did a good job.

I guess we'll find out. Personally I'm rooting for someone to hack it, just to find out what that dirty sex book is.

Unlock and load

Unfortunately, Apple didn't do such a good job with its old fashioned pass-code based lockscreen. Someone has already discovered a bug in iOS 7 that lets anyone bypass the iPhone's lockscreen to access someone else's photos, email, or social media accounts. (The Camera app has to be running before the screen locks, and Control Center has to be enabled for the lock screen.) Per Forbes, a soldier living in the Canary Islands discovered the vulnerability by playing around with the iPhone's alarm clock app. Amateur security sleuth Jose Rodriquez apparently specializes in finding security holes in Apple's lockscreen; this is the third one he's uncovered.

Apple has promised a fix for the lockscreen hole. No word yet on its attitude toward our feline friends.

Do iPhone security flaws trouble you? How about your cat? Post your thoughts below or email me:

This article, "This iPhone security flaw may give you paws," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

Copyright © 2013 IDG Communications, Inc.