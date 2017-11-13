

 


Andy Greenberg, writing for Wired: When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make. But it's also a hacking proof-of-concept that, for now, shouldn't alarm the average iPhone owner, given the time, effort, and access to someone's face required to recreate it. Bkav, meanwhile, didn't mince words in its blog post and FAQ on the research. "Apple has done this not so well," writes the company. "Face ID can be fooled by mask, which means it is not an effective security measure."

Hackers Say They've Broken Face ID a Week After iPhone X Release

  • .... ain't all asian all look alike anyway?

    • get out my uber and I'm rating you a 1

  • Still ok for general consumers (Score:4, Insightful)

    by Camembert ( 2891457 ) on Monday November 13, 2017 @09:15AM (#55539847)
    If you remember, TouchID was similarly soon broken, and it also required quite some commitment from the hacker.
    Still, for most people the security of TouchID was good enough and practical in use.
    I expect the same with FaceID. For the utmost in security, users can always opt for a passcode.

    • The problem is that it's not just for general consumers. You try to explain to the CEO of a high security company why you want to ruin his fun and not let him have his new toy.

      It's worse than trying to explain it to a 5 year old, with the difference that the 5 year old can't fire you and you can actually talk sensibly and reasonably with a 5 year old.

    • But your fingerprint is still somewhat private. You can't replicate my fingerprints from a picture of me that you found on facebook. I can always change which fingers I have mapped to TouchID periodically. etc.

      You only have one face, and your face is public, which means it's less secure than TouchID was.

  • Is the video at the bottom telling you about all those new and exciting security features. I first had to check whether it's a video from 2008 but no, it really talks about this iPhone.

    Just as one of the huge innovations you can now set a six digit pin code instead of that puny 4 digit one. Talk about courage!

    • Re: (Score:2)

      by jandrese ( 485 )
      Or you can do what everybody who cares a lick about security does and set a fully alphanumeric passcode instead. Also, the 6 digit pin option has been available for years.
  • The reason FaceID exists is to collect biometric data for Apple. It isn't to improve end user security. Silly people.

  • ... that its "Bphone the best smartphone the world" (2015). It sank without a trace.

    I'd treat their claims that "Apple has done this not so well" and "Face ID can be fooled by mask, which means it is not an effective security measure" with a grain of salt. Of course their company is from Vietnam, "land of fakes" https://tuoitrenews.vn/news/ci... [tuoitrenews.vn] where scandal after scandal of dangerous, counterfeit and frank outright fraud is commonplace.

    Unfortunately I have firsthand experience of this :(

  • Ok (Score:2)

    by jon3k ( 691256 )
    You also have to have the equipment, time and expertise to pull this off. And I guess some kind of 3D model of the person's head? Not sure, haven't read TFA. Personally if I lost my phone I'd immediately have it wiped and locked via MDM. So unless this was all carefully orchestrated beforehand, I think I'm ok.

  • So, what exactly is wrong with having to enter a passcode, anyway?

    • Re: (Score:2)

      by mark-t ( 151149 )

      Isn't it obvious? It requires more effort.

      Ignore the fact that a passcode that one actually keeps secret is, in general, going to be far more secure than the usage of any kind of biometric data could ever hope to be. People are friggen lazy. Full stop.

    • It's a pain in the ass entering the passcode every time you want to access your phone. Of course, face id sounds like a pain in the ass too so there was not really anything solved.

  • FaceID reminds me of this xkcd comic [xkcd.com].

    Except that you no longer need the wrench...

  • Your mission, should you choose to accept it, is to somehow sedate the subject and create a life cast of their face without them figuring out that you're doing it. You must then jump through a bunch of other hoops in order to unlock the subject's phone. You are under no circumstances to use the subject's own face to unlock their phone. Should you or any of your IM force be caught or killed, you will be mocked mercilessly on Slashdot.

  • Now I need to get a new face!

  • What happens when a person suffers an injury to their face? A serious black eye, swelling, etc? Do they get locked out of their phone at a time when that's probably the last thing they want to have to deal with?

