Security firm claims to thwart iPhone X's Face ID with special mask


technology
 Security firm claims to thwart iPhone X's Face ID with special mask

A attendee uses a new iPhone X during a presentation for the media in Beijing, China October 31, 2017.When Apple introduced Face ID security alongside the iPhone X, it boasted that even Hollywood-quality masks couldn't fool the system. It might not be a question of movie-like authenticity, however -- security researchers at Bkav claim to have thwarted Face ID by using a specially-built mask. Rather than strive for absolute realism, the team built its mask with the aim of tricking the depth-mapping technology. The creation uses hand-crafted "skin" made specifically to exploit Face ID, while 3D printing produced the face model. Other parts, such as the eyes, are 2D images. The proof of concept appears to work, as you can see in the clip below. The question is: do iPhone X owners actually have to worry about it?

The researchers maintain that they didn't have to 'cheat' to make this work. The iPhone X was trained from a real person's face, and it only required roughly $150 in supplies (not including the off-the-shelf 3D printer). The demo shows Face ID working in one try, too, although it's not clear how many false starts Bkav had before producing a mask that worked smoothly. The company says it started working on the mask on November 5th, so the completed project took about 5 days.

Apple declined to comment when asked about the claim. However, Bkav is quick to acknowledge that the effort involved makes it difficult to compromise "normal users." As with fake fingers, this approach is more of a concern for politicians, celebrities and law enforcement agents whose value is so high that they're worth days of effort. If someone is so determined to get into your phone that they build a custom mask and have the opportunity to use it, you have much larger security concerns than whether or not Face ID is working.

More than anything, the seeming achievement emphasizes that biometric sign-ins are usually about convenience, not completely foolproof security. They make reasonable security painless enough that you're more likely to use it instead of leaving your device unprotected. If someone is really, truly determined to get into your phone, there's a real chance they will -- this is more to deter thieves and nosy acquaintances who are likely to give up if they don't get in after a few attempts.

Bkav

By: Engadget

« technology

  CITIES NEWS
LONDON
DUBAI
BEDMINSTER, New Jersey
SEOUL
TAIPEI
MOSCOW
BERLIN
STOCKHOLM
WASHINGTON
LOS ANGELES
BRASILIA
SILVERSTONE, England
SAYLORSBURG, Pa
AMSTERDAM
BERGERAC, France
KABUL
BARCELONA
PARIS
MOSUL, Iraq
BRUSSELS
DOHA
CAIRO
FRANKFURT
LAUSANNE
  DATE NEWS
2017/11/18
'More girls, fewer skinheads': Poland's far right wrestles with changing image


2017/11/17
Rising alarm in Britain over Russian meddling in Brexit vote


2017/11/16
Security firm Kaspersky said it did obtain classified NSA documents — just not deliberately


2017/11/15
Security Council to vote Thursday on Syria gas attacks probe


2017/11/14
Soldiers on Harare streets as ruling party accuses Zimbabwe army chief of treason


2017/11/13
Activists: Airstrike on rebel-held Syrian town kills 21