Vietnamese firm trips up iPhone X's Face ID with elaborate mask & makeup

245

Comments

  • Reply 21 of 89
    slurpy said:
    "The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. " So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone? Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.
    Ain't you ever seen Mission: Impossible? That's not a movie, it's a documentary. /s
    watto_cobracornchip
  • Reply 22 of 89
    avon b7avon b7 Posts: 7,624member
    I wouldn't worry about this as long as biometric features can be switched off.

    For most people, they are not big enough targets to warrant someone trying to spoof the phone.

    For people who do consider themselves a target, they have the option of using a passcode instead.

    If you were fine with a fingerprint scanner, you should be fine with FaceID.

    I suppose that someone could cook up a criminally intent depth sensing camera and, for example, stick it on a cash machine and record 3D maps of the faces of anyone taking out cash and then try to use them together with other information to create faces that might be good enough to spoof the phone but the pitfalls could be enough to make it  not worthwhile.

    I didn't bother reading Apple's white paper on the technology because I am perfectly happy with a fingerprint scanner. If I had to use a FaceID style solution, I don't think it would be an issue for me.
    lkruppradarthekat
  • Reply 23 of 89
    mtbnutmtbnut Posts: 199member
    Bkav just got the most publicity it will ever get, ever. That's a big win for them, regardless of how idiotic this is. Where were they when Samsung released its crappy version of FaceID? 
    edited November 2017 radarthekatmagman1979watto_cobracornchip
  • Reply 24 of 89
    Rayz2016Rayz2016 Posts: 6,957member
    avon b7 said:

    I suppose that someone could cook up a criminally intent depth sensing camera and, for example, stick it on a cash machine and record 3D maps of the faces of anyone taking out cash and then try to use them together with other information to create faces that might be good enough to spoof the phone but the pitfalls could be enough to make it  not worthwhile.


    As FUD attempts go, that was very subtle. Nice job. 

    Your scenario is about as likely to work in real life as the one mentioned in the article. The task of getting a good quality image, then stitching it seamlessly it to other good quality images from other locations, having identified the person you’re looking for. Then getting hold of their phone?

    All thing are possible, very few things are likely. This is why TouchID had very few genuine security problems reported even though it was theoretically possible to spoof … if you had access a lot of time, patience, and acccess to a chem lab. 


    StrangeDaysradarthekatericthehalfbeepatchythepiratewatto_cobracornchip
  • Reply 25 of 89
    tzeshantzeshan Posts: 2,351member
    I think it is much more important that FaceID can unlock rightful owners 100% in all conditions and won't unlock in normal non-owner conditions . To trick FaceID with other artificial things are really not that important.  All the owner needs to do is to prevent the phone from falling into the hands of others. 
    stompypscooter63watto_cobra
  • Reply 26 of 89
    That “specially processed area” reveals that they’ve put the mask over the face of the owner to unlock. This is similar to the German hoax for Touch ID, in which a replica was shown but the unlocking was done with a true registered finger.

    Edit: the video shows that an unlocking by a face behind the camera is still plausible in that setup but what we see is not even that. They show just an animation, that plays before even he touches the display and they are so lazy that they forgot to animate the lock icon.
    edited November 2017 radarthekatmagman1979pscooter63watto_cobra
  • Reply 27 of 89
    Rayz2016Rayz2016 Posts: 6,957member

    cali said:
    Bet your a** Apple is working on FaceID 2.0.

    30,000 dots will probably be doubled, length will be extended, cameras will be better, InVisahe tech and who knows what else.

    This will allow better FaceID, more accurate Animoji, object recognition, Better AR, better photo filters etc.

    There’s a video on YouTube with a special camera that shows the dots and it obviously looks like 1st gen tech that can be improved. 
    Most definitely. 

    Meanwhile, Samsung will go one step further. I can’t say too much, NDAs and all that, but I can tell you that the new Samsung biometric system will blow FaceID out of the water. 

    It’s going to be called CheekSwabID and is much more convenient when used in conjunction with Samsung Pay. You approach the NFC terminal, put your phone in your mouth and give it a good wipe around. Take your phone out of your mouth and tap it against the terminal. Voila!

    It will also allow you to make emojis based on your gums. Gumojis are the next big thing. You read it here first!
    JaiOh81GG1ericthehalfbeepatchythepiratepscooter63watto_cobracornchip
  • Reply 28 of 89
    lkrupplkrupp Posts: 10,557member
    In practice Bkav-style masks are unlikely to pose a threat, since they would not only be difficult and expensive to make, but require the dimensions of a person's face and detailed imagery.
    This harkens back to when TouchID was first introduced. A couple of German hackers claimed they were able to defeat TouchID by lifting fingerprints. Then it turned out that they had to use a really expensive, high resolution printer and sophisticated techniques that would preclude any casual hacking. You would have to be a high value target to make it worthwhile.

    We knew that FaceID would be attacked from all sides. In fact I’m almost 100% certain Apple tried every trick imaginable to defeat FaceID and probably were able to do this themselves in the lab. While I suspect that no biometric recognition technology is completely foolproof its about what’s realistic and practical  in the real world. No ex-boyfriend is going to go to lengths like this to get into his ex-girlfriend’s phone.

    So we are going to see more of this along with claims that FaceId is a failure, juts like we did TouchID when it first arrived. Sad but true because it’s Apple.
    watto_cobracornchip
  • Reply 29 of 89
    "Mission Impossible" projects to steal information from a consumer's smartphone. Wow! All this done without the owner's knowledge. I swear, these people will do anything possible to show they can beat Apple's Face ID. It's really amazing the great lengths they'll go through to show Apple has screwed up in some way. Well, Bkav has gotten their ten minutes of fame but I doubt it's going to prove very much at this point. Are they trying to tell people not to buy an iPhone X because the security can be defeated? I'm sure no security is 100%. If such elaborate measures were taken out with regards to Touch ID, wouldn't it be possible to fool that, too? I suppose this Face ID "weakness" will be spread thoroughly around the internet and will last for days before it's completely forgotten by the news media.
    radarthekatwatto_cobra
  • Reply 30 of 89
    cpsrocpsro Posts: 3,192member
    Face ID was likely trained on the mask. So it recognizes the mask. What's so disturbing or impressive about that?

    If the mask was supposed to mimic a real iPhone X owner, then a malicious actor would have only 2 attempts to unlock using Face ID before the passcode would be required. In other words, there's almost no room for error.
    edited November 2017 patchythepiratewatto_cobra
  • Reply 31 of 89
    thrang said:
    does anyone give a crap about this?
    I'm sure Samsung will be able to use this information in some way to show how crappy Face ID is and how their Samsung Galaxy S is a million times more secure than an iPhone X.
    watto_cobra
  • Reply 32 of 89
    avon b7 said:

    I didn't bother reading Apple's white paper on the technology because I am perfectly happy with a fingerprint scanner. If I had to use a FaceID style solution, I don't think it would be an issue for me.
     Not to mention the fact your chinese knockoff brand doesn’t offer anything other than fingerprint scanning anyway..
    radarthekatpatchythepiratewatto_cobraRayz2016
  • Reply 33 of 89
    Rayz2016 said:

    cali said:
    Bet your a** Apple is working on FaceID 2.0.

    30,000 dots will probably be doubled, length will be extended, cameras will be better, InVisahe tech and who knows what else.

    This will allow better FaceID, more accurate Animoji, object recognition, Better AR, better photo filters etc.

    There’s a video on YouTube with a special camera that shows the dots and it obviously looks like 1st gen tech that can be improved. 
    Most definitely. 

    Meanwhile, Samsung will go one step further. I can’t say too much, NDAs and all that, but I can tell you that the new Samsung biometric system will blow FaceID out of the water. 

    It’s going to be called CheekSwabID and is much more convenient when used in conjunction with Samsung Pay. You approach the NFC terminal, put your phone in your mouth and give it a good wipe around. Take your phone out of your mouth and tap it against the terminal. Voila!
    Wouldn’t it be easier to lick the phone? TongueID sounds better.
    watto_cobraRayz2016cornchip
  • Reply 34 of 89
    foggyhillfoggyhill Posts: 4,767member
    Rayz2016 said:
    I’m guessing this required a small measure of co-operation from the phone’s owner. 

    Still it does point to another possible point of failure for FaceID:

    What if a pickpocket steals your phone, then shouts, “Hey you!”

    When you turn around, he takes a 3D scan of your face, a picture of your eyes and a mould of your nose, before running off. 

    Now, with access silicon casting apparatus, a 3D printer and a reasonably talented portrait artist, he now has access to your phone until you reach can reach a computer to brick it … which will probably take you about an hour. 


    By the time he's done all this, the next Iphone X will have launched.
    radarthekatwatto_cobraRayz2016
  • Reply 35 of 89
    linkmanlinkman Posts: 1,035member
    mtbnut said:
    Bkav just got the most publicity it will ever get, ever. That's a big win for them, regardless of how idiotic this is. Where were they when Samsung released its crappy version of FaceID? 
    A three year old took a picture of someone's face and unlocked their Samsung phone with that picture. It was easy to beat Bkav to the punch.
    radarthekatwatto_cobracornchip
  • Reply 36 of 89
    radarthekatradarthekat Posts: 3,842moderator
    slurpy said:
    "The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. " So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone? Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.
    Plus they have exactly five attempts.  One first fail and then four chances to tweak the mask, having zero feedback on why it failed each time.  And then, lockout, revert to passcode.  I’m betting they did lots of adjustments before they got a mask that worked.  That’s great if you have a cooperative iPhone owner there to enter the password or re-setup FaceID for you as you’re doing refinements.  Then, of course, when everything is set, you make your video showing how you succeeded in thwarting the security.  
    watto_cobraRayz2016StrangeDaysbeowulfschmidt
  • Reply 37 of 89
    radarthekatradarthekat Posts: 3,842moderator
    Soli said:
    thrang said:
    does anyone give a crap about this?
    I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.
    Not sure this does much to identify the limits, except for Apple, which might then do a bit more refining to strengthen the machine learning algos, which I’ll bet they’ll be doing regardless over the next year/years.  So just as someone thinks they grok the limits better than Apple already outlined them (has to see your eyes, nose and mouth) Apple might toss in an unreleased curveball in an update.  Back to square one for the hackers.
    watto_cobra
  • Reply 38 of 89
    SoliSoli Posts: 10,035member
    Soli said:
    thrang said:
    does anyone give a crap about this?
    I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.
    Not sure this does much to identify the limits, except for Apple, which might then do a bit more refining to strengthen the machine learning algos, which I’ll bet they’ll be doing regardless over the next year/years.  So just as someone thinks they grok the limits better than Apple already outlined them (has to see your eyes, nose and mouth) Apple might toss in an unreleased curveball in an update.  Back to square one for the hackers.
    You don't see how or why security firms and gov't agencies would want to know if a technology is secure and how secure it is?

    The same goes for passcode-based systems, even though we can use math to figure out the possible outcomes. For example, how many people will use “password” if that’s allowed, commonalities of PIN combinations, and even bugs in SW or logic issues with password recovery that can lead to bypassing a system.

    For instance, if law enforcement was better at their jobs they probably could've accessed the Plano, TX shooter's phone with ease. 
    edited November 2017
  • Reply 39 of 89
    It's FAKE come on guys!!!  :D
    Face ID isn't activated... can't see the lock symbol animation working properly.
    100% publicity stunt buy 
    Bkav Corp to garner some attention.
    Looks like app overlay or most likely video overlay.
    Not sure what he is doing with his left hand and why screen lights up before he even touches it?
    edited November 2017 macplusplustechriderwatto_cobracornchip
  • Reply 40 of 89
    SoliSoli Posts: 10,035member
    sergioz said:
    Its FAKE come on guys!!!  :D
    Face ID isn't activated... can't see the lock symbol animation working properly.
    100% publicity stunt buy Bkav Corp garner some attention.
    I certainly can't see the lock change. Plus, wouldn't the device automatically turn on its display and unlock as soon as he removes the scarf from the mask if it was suppose to work?
    radarthekat
Sign In or Register to comment.