HACKERS SAY THEY'VE BROKEN FACE ID A WEEK AFTER IPHONE X RELEASE

Not the Beatles record company. Not the fruit.. What could it be...

Moderators: b1o, jkerr82508

User avatar
R_Head
Berserk
Posts: 2568
Joined: 17 Mar 2010, 15:40

HACKERS SAY THEY'VE BROKEN FACE ID A WEEK AFTER IPHONE X RELEASE

Postby R_Head » 14 Nov 2017, 14:40

HACKERS SAY THEY'VE BROKEN FACE ID A WEEK AFTER IPHONE X RELEASE

https://youtu.be/i4YQRLQVixM

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.

But it's also a hacking proof-of-concept that, for now, shouldn't alarm the average iPhone owner, given the time, effort, and access to someone's face required to recreate it.

Bkav, meanwhile, didn't mince words in its blog post and FAQ on the research. "Apple has done this not so well," writes the company. "Face ID can be fooled by mask, which means it is not an effective security measure."

In the video posted to YouTube, shown above, one of the company's staff pulls a piece of cloth from a mounted mask facing an iPhone X on a stand, and the phone instantly unlocks. Despite the phone's sophisticated 3-D infrared mapping of its owner's face and AI-driven modeling, the researchers say they were able to achieve that spoofing with a relatively basic mask: little more than a sculpted silicone nose, some two-dimensional eyes and lips printed on paper, all mounted on a 3-D-printed plastic frame made from a digital scan of the would-be victim's face.

The researchers concede, however, that their technique would require a detailed measurement or digital scan of the face of the target iPhone's owner. The researchers say they used a handheld scanner that required about five minutes of manually scanning their test subject's face. That puts their spoofing method in the realm of highly targeted espionage, rather than the sort of run-of-the-mill hacking most iPhone X owners might face. 1

"Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders, and agents like FBI need to understand the Face ID's issue," the Bkav researchers write. They also suggest that future versions of their technique might be performed with a quick smartphone scan of a victim’s face, or even a model created from photographs, but didn't make any predictions about how easy those next steps might be to engineer.

Aside from the challenge of acquiring an accurate face scan, the researchers’ simpler setup outperformed more expensive techniques for attempted Face ID trickery—namely, the ones we at WIRED tried earlier this month. With the help of a special effects artist, and at a cost of thousands of dollars, we created full masks cast from a staffer's face in five different materials, ranging from silicone to gelatin to vinyl. Despite details like eyeholes designed to allow real eye movement, and thousands of eyebrow hairs inserted into the mask intended to look more like real hair to the iPhone's infrared sensor, none of our masks worked.

By contrast, the Bkav researchers say they were able to crack Face ID with a cheap mix of materials, 3-D printing rather than face-casting, and perhaps most surprisingly, fixed, two-dimensional printed eyes. The researchers haven't yet revealed much about their process, or the testing that led them to that technique, which may prompt some skepticism. But they say that it was based in part on the realization that Face ID's sensors only checked a portion of a face's features, which WIRED had previously confirmed in our own testing.


Read more...

https://www.wired.com/story/hackers-say ... -security/

User avatar
viking60
Über-Berserk
Posts: 9281
Joined: 14 Mar 2010, 16:34

Re: HACKERS SAY THEY'VE BROKEN FACE ID A WEEK AFTER IPHONE X RELEASE

Postby viking60 » 15 Nov 2017, 01:35

That is probably all true. You will never find me with a phone like that. Neither will I ever give my fingerprint to Apple,,Google (They give it to the government) or the hackers..

I am not voting for Big Brother.....
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

User avatar
R_Head
Berserk
Posts: 2568
Joined: 17 Mar 2010, 15:40

Re: HACKERS SAY THEY'VE BROKEN FACE ID A WEEK AFTER IPHONE X RELEASE

Postby R_Head » 15 Nov 2017, 21:21

You got that right +1


Return to “Apple”