Cyber Researcher Pulls Public Talk on Hacking Apple's Face ID

The possibility which Face ID could be defeated is troubling because it is used to lock functions on tens of millions of iPhones from banking and health care programs to emails, text messages and photographs.

There is a one in 1 million chance a random individual could unlock a Face ID, versus one in 50,000 chance that would happen with the iPhone’s fingerprint sensor, according to Apple.

Face ID has shown more secure than its predecessor, Touch ID, that utilizes fingerprint sensors to unlock iPhones. Touch ID was defeated in a couple of days of its 2013 release.

China-based researcher Wish Wu was first scheduled to present a discussion entitled”Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms” in the Black Hat Asia hacking conference in Singapore in March. Wu told Reuters that his company, Ant Financial, asked him to withdraw the talk from Black Hat, one of the greatest and most prestigious organisers of hacking conferences.

Ant Financial’s Alipay payment method is compatible with facial recognition technology such as Face ID.

Nobody has publicly released details on a successful Face ID hack that others have been able to replicate since Apple introduced the attribute in 2017 with all the iPhone X$74,999, based on biometric security experts.

Wu told Reuters that he agreed with the decision to draw his talk, saying he was just able to reproduce hacks on iPhone X under certain conditions, but it did not function with iPhone XS and XS Max.

“To be able to guarantee the authenticity and maturity of the study results, we decided to cancel the address,” he told Reuters in a remark on Twitter.

“The study on the face ID verification mechanism is faulty and could be misleading if presented,” Ant Financial said in a statement.

Black Hat withdrew a abstract of this discussion from its site in late December after Ant uncovered problems with the research.

The abstract maintained that Face ID might be hacked with a picture printed on an ordinary black-and-white printer and a few tape. The only other claim of a Face ID hack was 2017 with a Vietnamese cyber-security firm Bkav, which posted it on YouTube videos. Other researchers have yet to be able to replicate that assault.

Apple’s facial recognition utilizes a combination of cameras and special sensors to capture a three-dimensional scan of a face which allows it to identify spoofs with photos or determine if the user is asleep or not looking at the phone.

It’s uncommon for talks to be pulled out of cyber-security conventions such as Black Hat, whose events are attended by specialists looking to understand emerging hacking threats.

Black Hat told Reuters it had accepted Wu’s talk because Wu convinced its inspection board that he could pull off the hack.

“Black Hat approved the conversation after considering the hack could be reproduced based on the materials provided by the research worker,” conference spokeswoman Kimberly Samra said.

Anil Jain, a Michigan State University computer science professor who is an expert on facial recognition, said he was surprised by Wu’s claim since Apple has spent heavily into”anti-spoofing” technology that makes these hacks very difficult.


Please enter your comment!
Please enter your name here