NEW YORK / SAN FRANCISCO – A cyber security researcher interrupted a hacking conference on how he said he could spread biometric face recognition on Apple Inc iPhones, at the request of the employer, who called the job "misleading."
The view that Face ID may be defeated is troubled because it is used to unlock tens of millions of features of iPhones from banking and health programs to email, text messaging and images.
It's a 1
Face ID has proven safer than its predecessor, Touch ID, which uses fingerprint sensors to unlock iPhones. The Touch ID was defeated within a few days of the 2013 launch.
China-based researcher Wish Wu was scheduled to present a conversation entitled "Bypass Strong Face ID: Anyone can deceive Depth and IR Camera and Algorithms" at the Black Hat Asia hacking conference in Singapore in March. Wu told Reuters that his employer, Ant Financial, asked him to withdraw from Black Hat, one of the largest and most prestigious organizers of hacking conferences.
Payment Alipay's payment system is compatible with face recognition technologies, including Face ID.
No one has publicly disclosed details of a successful Face ID hack that others have been able to replicate since Apple introduced the feature in 2017 with the iPhone X, according to biometric security experts. The company has introduced 3 other Face ID phones: iPhone XS, XS Max and XR.
Wu told Reuters he agreed with the decision to withdraw his speech and said he could only reproduce hacks on iPhone X under certain conditions, but that it didn't work with the iPhone XS and XS Max.
"To ensure the credibility and maturity of research results, we decided to cancel the speech," he told Reuters in a message on Twitter.
An Apple spokesman rejected comments.
"The research on the face ID verification mechanism is incomplete and would be misleading if presented," ant Financial said in a statement.
Black Hat drew an abstract of the conversation from his website in late December after Ant discovered problems with the research.
Abstract claimed that Face ID could be hacked with an image printed on a regular black and white printer and some tape. The only other claim for a Face ID hack was in 2017 by a Vietnamese cyber security company Bkav, who posted it on YouTube videos. Other researchers have not been able to replicate this attack.
Apple's Face Detection uses a combination of cameras and special sensors to capture a 3-dimensional scan of a face that makes it possible to identify spoofs with photographs or determine whether the user is sleeping or otherwise not looking at the phone.
Conversations are rarely drawn from cyber security conferences such as Black Hat, whose events are attended by professionals who want to understand new hacking threats.
Black Hat told Reuters that it had accepted Wu talked because Wu convinced his reporting board that he could withdraw from the hack.
"Black Hat accepted the discussion after believing that the hack could be replicated based on the materials of the researcher," said conference speaker Kimberly Samra.
Anil Jain, a political science professor in Michigan State University, who is a facial recognition expert, said he was surprised by Wus's demands because Apple has invested heavily in "anti-sp oofing" technology which makes such hackers very difficult.