قالب وردپرس درنا توس
Home / Technology / Cyber ​​scientist publicly talks about hacking Apple's Face ID

Cyber ​​scientist publicly talks about hacking Apple's Face ID



NEW YORK / SAN FRANCISCO (Reuters) – A security researcher from a cyber department interrupted a hacking conference on how he said he could spread biometric face recognition at Apple Inc. ( AAPL.O ) iPhones, at request

FILE PHOTO: A participant uses the Face ID feature on the new iPhone X during a presentation for the media in Beijing, China October 31, 2017. REUTERS / Thomas Peter [19659003] Expected Face ID can be defeated is worrying because It is used to unlock tens of millions of iPhones from banking and health applications to email messages, text messages and images.

There is a 1 million chance a random person could unlock a facial ID, against a 50,000 chance that would happen with the iPhone's fingerprint sensor, according to Apple.

Face ID has proven safer than its predecessor, Touch ID, which uses fingerprint sensors to unlock iPhones. The Touch ID was defeated within a few days of the 2013 launch.

China-based researcher Wish Wu was scheduled to present a discussion entitled "Bypass Strong Face ID: Anyone can deceive Depth and IR Camera and Algorithms" at the Black Hat Asia hacking conference in Singapore in March. Wu told Reuters that his employer, Ant Financial, asked him to withdraw the call from Black Hat, one of the largest and most prestigious organizers of hacking conferences.

Ant Financial's Alipay payment system is compatible with face recognition technologies, including Face ID.

No one has publicly disclosed details of a successful Face ID hack that others have been able to replicate since Apple introduced the feature in 2017 with the iPhone X, according to biometric security experts. The company has introduced three other Face ID phones: iPhone XS, XS Max and XR.

Wu told Reuters he agreed with the decision to withdraw and said he could only reproduce hacks on iPhone X under certain conditions, but that it didn't work with the iPhone XS and XS Max.

"To ensure the credibility and maturity of research results, we decided to cancel the speech," he told Reuters in a message on Twitter.

An Apple spokesman declined comment.

"The research on the face ID verification mechanism is incomplete and will be misleading if presented," Ant Financial said in a statement.

Black Hat drew a summary of the conversation from his site at the end of December after Ant discovered problems with the research.

Abstract claimed that Face ID could be hacked with an image printed on a regular black and white printer and some tape. The only other claim for a Face ID hack was in 2017 by a Vietnamese cyber security company Bkav, who posted it on YouTube videos. Other researchers have not been able to replicate that attack.

Apple's Face Detection uses a combination of cameras and special sensors to capture a three-dimensional scan of a face that makes it possible to identify spoofs with photographs or determine whether the user is asleep or otherwise not looking at the phone.

Conversations are rarely drawn from cyber security conferences such as Black Hat, whose events are attended by professionals who want to understand new hacking threats.

Black Hat told Reuters that he had accepted Wus's talk because Wu convinced his reporting board that he could pull off the hack.

"Black Hat accepted the discussion after believing that the hack could be replicated based on the materials of the researcher," said conference speaker Kimberly Samra.

Anil Jain, a professor of computer science at Michigan State University, who is a facial recognition expert, said he was surprised by Wus's demands because Apple has invested heavily in "anti-spoofing" technology which makes such hacks very difficult.

Reporting by Jim Finkle in New York and Stephen Nellis in San Francisco; Additional reporting by Cate Cadell in Beijing; editing of Grant McCool

Our Standards: Thomson Reuters Trust Principles.

Source link