"The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. "
So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone?
Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.
Ain't you ever seen Mission: Impossible? That's not a movie, it's a documentary. /s
I wouldn't worry about this as long as biometric features can be switched off.
For most people, they are not big enough targets to warrant someone trying to spoof the phone.
For people who do consider themselves a target, they have the option of using a passcode instead.
If you were fine with a fingerprint scanner, you should be fine with FaceID.
I suppose that someone could cook up a criminally intent depth sensing camera and, for example, stick it on a cash machine and record 3D maps of the faces of anyone taking out cash and then try to use them together with other information to create faces that might be good enough to spoof the phone but the pitfalls could be enough to make it not worthwhile.
I didn't bother reading Apple's white paper on the technology because I am perfectly happy with a fingerprint scanner. If I had to use a FaceID style solution, I don't think it would be an issue for me.
Bkav just got the most publicity it will ever get, ever. That's a big win for them, regardless of how idiotic this is. Where were they when Samsung released its crappy version of FaceID?
I suppose that someone could cook up a criminally intent depth sensing camera and, for example, stick it on a cash machine and record 3D maps of the faces of anyone taking out cash and then try to use them together with other information to create faces that might be good enough to spoof the phone but the pitfalls could be enough to make it not worthwhile.
As FUD attempts go, that was very subtle. Nice job.
Your scenario is about as likely to work in real life as the one mentioned in the article. The task of getting a good quality image, then stitching it seamlessly it to other good quality images from other locations, having identified the person you’re looking for. Then getting hold of their phone?
All thing are possible, very few things are likely. This is why TouchID had very few genuine security problems reported even though it was theoretically possible to spoof … if you had access a lot of time, patience, and acccess to a chem lab.
I think it is much more important that FaceID can unlock rightful owners 100% in all conditions and won't unlock in normal non-owner conditions . To trick FaceID with other artificial things are really not that important. All the owner needs to do is to prevent the phone from falling into the hands of others.
That “specially processed area” reveals that they’ve put the mask over the face of the owner to unlock. This is similar to the German hoax for Touch ID, in which a replica was shown but the unlocking was done with a true registered finger.
Edit: the video shows that an unlocking by a face behind the camera is still plausible in that setup but what we see is not even that. They show just an animation, that plays before even he touches the display and they are so lazy that they forgot to animate the lock icon.
30,000 dots will probably be doubled, length will be extended, cameras will be better, InVisahe tech and who knows what else.
This will allow better FaceID, more accurate Animoji, object recognition, Better AR, better photo filters etc.
There’s a video on YouTube with a special camera that shows the dots and it obviously looks like 1st gen tech that can be improved.
Most definitely.
Meanwhile, Samsung will go one step further. I can’t say too much, NDAs and all that, but I can tell you that the new Samsung biometric system will blow FaceID out of the water.
It’s going to be called CheekSwabID and is much more convenient when used in conjunction with Samsung Pay. You approach the NFC terminal, put your phone in your mouth and give it a good wipe around. Take your phone out of your mouth and tap it against the terminal. Voila!
It will also allow you to make emojis based on your gums. Gumojis are the next big thing. You read it here first!
In practice Bkav-style masks are unlikely to pose a threat, since they would not only be difficult and expensive to make, but require the dimensions of a person's face and detailed imagery.
This harkens back to when TouchID was first introduced. A couple of German hackers claimed they were able to defeat TouchID by lifting fingerprints. Then it turned out that they had to use a really expensive, high resolution printer and sophisticated techniques that would preclude any casual hacking. You would have to be a high value target to make it worthwhile.
We knew that FaceID would be attacked from all sides. In fact I’m almost 100% certain Apple tried every trick imaginable to defeat FaceID and probably were able to do this themselves in the lab. While I suspect that no biometric recognition technology is completely foolproof its about what’s realistic and practical in the real world. No ex-boyfriend is going to go to lengths like this to get into his ex-girlfriend’s phone.
So we are going to see more of this along with claims that FaceId is a failure, juts like we did TouchID when it first arrived. Sad but true because it’s Apple.
"Mission Impossible" projects to steal information from a consumer's smartphone. Wow! All this done without the owner's knowledge. I swear, these people will do anything possible to show they can beat Apple's Face ID. It's really amazing the great lengths they'll go through to show Apple has screwed up in some way. Well, Bkav has gotten their ten minutes of fame but I doubt it's going to prove very much at this point. Are they trying to tell people not to buy an iPhone X because the security can be defeated? I'm sure no security is 100%. If such elaborate measures were taken out with regards to Touch ID, wouldn't it be possible to fool that, too? I suppose this Face ID "weakness" will be spread thoroughly around the internet and will last for days before it's completely forgotten by the news media.
Face ID was likely trained on the mask. So it recognizes the mask. What's so disturbing or impressive about that?
If the mask was supposed to mimic a real iPhone X owner, then a malicious actor would have only 2 attempts to unlock using Face ID before the passcode would be required. In other words, there's almost no room for error.
I'm sure Samsung will be able to use this information in some way to show how crappy Face ID is and how their Samsung Galaxy S is a million times more secure than an iPhone X.
I didn't bother reading Apple's white paper on the technology because I am perfectly happy with a fingerprint scanner. If I had to use a FaceID style solution, I don't think it would be an issue for me.
Not to mention the fact your chinese knockoff brand doesn’t offer anything other than fingerprint scanning anyway..
30,000 dots will probably be doubled, length will be extended, cameras will be better, InVisahe tech and who knows what else.
This will allow better FaceID, more accurate Animoji, object recognition, Better AR, better photo filters etc.
There’s a video on YouTube with a special camera that shows the dots and it obviously looks like 1st gen tech that can be improved.
Most definitely.
Meanwhile, Samsung will go one step further. I can’t say too much, NDAs and all that, but I can tell you that the new Samsung biometric system will blow FaceID out of the water.
It’s going to be called CheekSwabID and is much more convenient when used in conjunction with Samsung Pay. You approach the NFC terminal, put your phone in your mouth and give it a good wipe around. Take your phone out of your mouth and tap it against the terminal. Voila!
Wouldn’t it be easier to lick the phone? TongueID sounds better.
I’m guessing this required a small measure of co-operation from the phone’s owner.
Still it does point to another possible point of failure for FaceID:
What if a pickpocket steals your phone, then shouts, “Hey you!”
When you turn around, he takes a 3D scan of your face, a picture of your eyes and a mould of your nose, before running off.
Now, with access silicon casting apparatus, a 3D printer and a reasonably talented portrait artist, he now has access to your phone until you reach can reach a computer to brick it … which will probably take you about an hour.
By the time he's done all this, the next Iphone X will have launched.
Bkav just got the most publicity it will ever get, ever. That's a big win for them, regardless of how idiotic this is. Where were they when Samsung released its crappy version of FaceID?
A three year old took a picture of someone's face and unlocked their Samsung phone with that picture. It was easy to beat Bkav to the punch.
"The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. "
So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone?
Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.
Plus they have exactly five attempts. One first fail and then four chances to tweak the mask, having zero feedback on why it failed each time. And then, lockout, revert to passcode. I’m betting they did lots of adjustments before they got a mask that worked. That’s great if you have a cooperative iPhone owner there to enter the password or re-setup FaceID for you as you’re doing refinements. Then, of course, when everything is set, you make your video showing how you succeeded in thwarting the security.
I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.
Not sure this does much to identify the limits, except for Apple, which might then do a bit more refining to strengthen the machine learning algos, which I’ll bet they’ll be doing regardless over the next year/years. So just as someone thinks they grok the limits better than Apple already outlined them (has to see your eyes, nose and mouth) Apple might toss in an unreleased curveball in an update. Back to square one for the hackers.
I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.
Not sure this does much to identify the limits, except for Apple, which might then do a bit more refining to strengthen the machine learning algos, which I’ll bet they’ll be doing regardless over the next year/years. So just as someone thinks they grok the limits better than Apple already outlined them (has to see your eyes, nose and mouth) Apple might toss in an unreleased curveball in an update. Back to square one for the hackers.
You don't see how or why security firms and gov't agencies would want to know if a technology is secure and how secure it is?
The same goes for passcode-based systems, even though we can use math to figure out the possible outcomes. For example, how many people will use “password” if that’s allowed, commonalities of PIN combinations, and even bugs in SW or logic issues with password recovery that can lead to bypassing a system.
For instance, if law enforcement was better at their jobs they probably could've accessed the Plano, TX shooter's phone with ease.
It's FAKE come on guys!!! Face ID isn't activated... can't see the lock symbol animation working properly. 100% publicity stunt buy Bkav Corp to garner some attention. Looks like app overlay or most likely video overlay. Not sure what he is doing with his left hand and why screen lights up before he even touches it?
Its FAKE come on guys!!! Face ID isn't activated... can't see the lock symbol animation working properly. 100% publicity stunt buy Bkav Corp garner some attention.
I certainly can't see the lock change. Plus, wouldn't the device automatically turn on its display and unlock as soon as he removes the scarf from the mask if it was suppose to work?
Comments
For most people, they are not big enough targets to warrant someone trying to spoof the phone.
For people who do consider themselves a target, they have the option of using a passcode instead.
If you were fine with a fingerprint scanner, you should be fine with FaceID.
I suppose that someone could cook up a criminally intent depth sensing camera and, for example, stick it on a cash machine and record 3D maps of the faces of anyone taking out cash and then try to use them together with other information to create faces that might be good enough to spoof the phone but the pitfalls could be enough to make it not worthwhile.
I didn't bother reading Apple's white paper on the technology because I am perfectly happy with a fingerprint scanner. If I had to use a FaceID style solution, I don't think it would be an issue for me.
As FUD attempts go, that was very subtle. Nice job.
Your scenario is about as likely to work in real life as the one mentioned in the article. The task of getting a good quality image, then stitching it seamlessly it to other good quality images from other locations, having identified the person you’re looking for. Then getting hold of their phone?
All thing are possible, very few things are likely. This is why TouchID had very few genuine security problems reported even though it was theoretically possible to spoof … if you had access a lot of time, patience, and acccess to a chem lab.
Edit: the video shows that an unlocking by a face behind the camera is still plausible in that setup but what we see is not even that. They show just an animation, that plays before even he touches the display and they are so lazy that they forgot to animate the lock icon.
Most definitely.
Meanwhile, Samsung will go one step further. I can’t say too much, NDAs and all that, but I can tell you that the new Samsung biometric system will blow FaceID out of the water.
It’s going to be called CheekSwabID and is much more convenient when used in conjunction with Samsung Pay. You approach the NFC terminal, put your phone in your mouth and give it a good wipe around. Take your phone out of your mouth and tap it against the terminal. Voila!
It will also allow you to make emojis based on your gums. Gumojis are the next big thing. You read it here first!
We knew that FaceID would be attacked from all sides. In fact I’m almost 100% certain Apple tried every trick imaginable to defeat FaceID and probably were able to do this themselves in the lab. While I suspect that no biometric recognition technology is completely foolproof its about what’s realistic and practical in the real world. No ex-boyfriend is going to go to lengths like this to get into his ex-girlfriend’s phone.
So we are going to see more of this along with claims that FaceId is a failure, juts like we did TouchID when it first arrived. Sad but true because it’s Apple.
If the mask was supposed to mimic a real iPhone X owner, then a malicious actor would have only 2 attempts to unlock using Face ID before the passcode would be required. In other words, there's almost no room for error.
The same goes for passcode-based systems, even though we can use math to figure out the possible outcomes. For example, how many people will use “password” if that’s allowed, commonalities of PIN combinations, and even bugs in SW or logic issues with password recovery that can lead to bypassing a system.
For instance, if law enforcement was better at their jobs they probably could've accessed the Plano, TX shooter's phone with ease.
Face ID isn't activated... can't see the lock symbol animation working properly.
100% publicity stunt buy Bkav Corp to garner some attention.
Looks like app overlay or most likely video overlay.
Not sure what he is doing with his left hand and why screen lights up before he even touches it?