1STnTENDERBITS

StrangeDays said:

1STnTENDERBITS said:

Soli said:

1STnTENDERBITS said:

If someone doesn't read the article and they freak out, that's on them.  If they don't read the article and say Face ID is crappy, so what?  Just ignore them or if it bothers you, correct their incorrect assumption.  Simply put, this is not a good look no matter how you look at it.  A vaunted security feature bypassed by $2 worth of supplies.  No 3D printer, no sophisticated masks or prosthetic pieces.  No Mission Impossible dangling from a rope inches above the floor.  Nope.  Just a quick hop over to Walmart and you're good to go.  As I said, I think Apple focused on high tech intrusion, not anything like this.  Their fix shouldn't be that hard to come up with imo.

Why go to Walmart? Take the glasses from the person that already has to be wearing them to setup Face ID with glasses and then put tape on them before putting them back on the face of the iPhone owner to get into their device. Despite your comment saying how obvious it is you still failed to not it requires all these very odd circumstances to use this "hack" effectively.

I think you're failing to understand the point.  Face ID can be defeated by a solution that is so low tech and cheap that it's absurd.  That "X-Glasses kit" from the picture I attached is all that is needed to bypass Face ID.   Stick the kit on someone's face, hold their phone up, and voila. ← That's exactly how the hack works. There are no very odd circumstances.   Bypassing Face ID should never be that easy.  That's the point.

StrangeDays said:

You can also knock a person out and stick their finger on a fingerprint sensor. 

You people try so hard. 

You don't try hard enough... to think.  How exactly does Touch ID having vulnerabilities change the fact that Face ID got low tech spoofed easily?  It doesn't.  You should try to do something other than your regular deflection shtick.  It is nothing more than a tedious annoyance.  "Hey, I know the subject is this issue right here, but I'm just gonna start tossin' dirt on other stuff.  I honestly don't think you know any other form of interaction besides trying to place blame elsewhere.  

Do you actually have a relevant opinion on this topic?  Or are you going to continue throwing dirt to deflect.  Let's see, you've already deflected using Samsung and Touch ID.  What's next?  Gonna say someone could hold a person at gun point and force them to give up their password. /s

I do think, which is why I recognize bonehead troll tropes when I see them. Your pattern of posting history makes it very plain to see...you now purport there to be an immense Apple security problem where there isn’t, as shown by the many years of Touch ID and your crappy knockoffs with their fingerprint sensors. The whole “They’re gonna knock you out and put these glasses on you!” schtick is silly bullshit, nothing more. No more valid than the FUD pellets people like you dropped from your behind for Touch ID — “Muggers will cut your fingers off! The government will force your finger onto the sensor!” Then the “Hey, you!” fear mongering. Then the AirPod “Muggers will pluck them out of your ears on a bicycle!” Blah blah blah... All silly bullshit, none of which came to pass, just like this Groucho Marx nonsense. 

Apple will likely resolve any exposed weakness in the “liveness” detection so it’s just academic anyway. Heckler self-pleasuring, nothing more. 

You're an abject liar.  You are the one who brought up Touch ID. There's nothing negative about Touch ID in any of my posts.  There's nothing in any of my quotes about knocking someone out. All that shit you're trotting out and trying to attribute to me?  Piss off with that nonsense.  There's nothing in my posting history like that.  It's open so anyone can see what a liar you are.  And no, you don't think.  Otherwise you wouldn't try to pin outright lies on me.  I would say it's intentional but it's more likely Hanlon's Razor.

Soli said:

1STnTENDERBITS said:

If someone doesn't read the article and they freak out, that's on them.  If they don't read the article and say Face ID is crappy, so what?  Just ignore them or if it bothers you, correct their incorrect assumption.  Simply put, this is not a good look no matter how you look at it.  A vaunted security feature bypassed by $2 worth of supplies.  No 3D printer, no sophisticated masks or prosthetic pieces.  No Mission Impossible dangling from a rope inches above the floor.  Nope.  Just a quick hop over to Walmart and you're good to go.  As I said, I think Apple focused on high tech intrusion, not anything like this.  Their fix shouldn't be that hard to come up with imo.

Why go to Walmart? Take the glasses from the person that already has to be wearing them to setup Face ID with glasses and then put tape on them before putting them back on the face of the iPhone owner to get into their device. Despite your comment saying how obvious it is you still failed to not it requires all these very odd circumstances to use this "hack" effectively.

I think you're failing to understand the point.  Face ID can be defeated by a solution that is so low tech and cheap that it's absurd.  That "X-Glasses kit" from the picture I attached is all that is needed to bypass Face ID.   Stick the kit on someone's face, hold their phone up, and voila. ← That's exactly how the hack works. There are no very odd circumstances.   Bypassing Face ID should never be that easy.  That's the point.

StrangeDays said:

You can also knock a person out and stick their finger on a fingerprint sensor. 

You people try so hard. 

You don't try hard enough... to think.  How exactly does Touch ID having vulnerabilities change the fact that Face ID got low tech spoofed easily?  It doesn't.  You should try to do something other than your regular deflection shtick.  It is nothing more than a tedious annoyance.  "Hey, I know the subject is this issue right here, but I'm just gonna start tossin' dirt on other stuff.  I honestly don't think you know any other form of interaction besides trying to place blame elsewhere.  

Do you actually have a relevant opinion on this topic?  Or are you going to continue throwing dirt to deflect.  Let's see, you've already deflected using Samsung and Touch ID.  What's next?  Gonna say someone could hold a person at gun point and force them to give up their password. /s

Soli said:

Let's be clear that this "hack" still needs the face of the person who is already keyed for the device. This only allows a person who wears glasses to allow someone to use their phone on their face to unlock Face ID without their consent if they happen to be unconscious after making a pair of augmented glasses, assuming that their picking up the iPhone doesn't trigger Face ID and the subsequently disabling of Face ID before they can execute this "hack".

What do you mean "let's be clear"?  Everything you said is stated better right in the article.  It couldn't be more clear.  The researchers even offered up their thoughts on how to mitigate the vulnerability.  Instead of trying to make excuses for Face ID, be happy this beyond low tech, super cheap MacGuyver hack has been exposed.  Now Apple can work on nullifying it.  I think Apple concentrated on defeating high tech penetration techniques.  This hack is the equivalent of throwing a rock through window.  Low tech, but it works.

Their bypass consists of a cheap pair of glasses and two pieces of tape.  Approx. $2 worth of material to bypass a billion dollar security system.  Whodathunkit? ¯\_(ツ)_/¯

GeorgeBMac said:

1STnTENDERBITS said:

GeorgeBMac said:

PART of the trouble here is, in fact, the fault of Apple:
While they "encourage" people to get repairs & upgrades done at an authorized center they neither enforce the policy nor (critically) publicize it up front.   Instead they use a sorta passive - aggressive approach where, when there is a problem they say:  "See, you didn't follow directions.   It is your fault".

I think Apple and its customers would be best served by making it very clear up front that, while they won't block you from getting third party repairs that all bets, warranties, guarantees, assurances and everything is gone if you do.   They need to do that BEFORE somebody buys an Apple product, not after they get the third party repair that impacts their product.

(I don't mean to absolve the person of responsibility for their actions.  But that we will continue to have these debates and discussions until  Apple makes their policy very clear UP FRONT.)

Apple can't do that, because it would be against the law.  Warranties are covered by the Magnusson Moss Warranty Act.  What you're advocating is expressly forbidden.  Apple can only insist on OEM or Authorized repair/parts if 1. They are offering the repair for free under warranty or 2.  They can prove the repair can only be done with certified parts or via certified tech.  

"The Act requires manufacturers and sellers of consumer products to provide consumers with clear and detailed information about warranty coverage."

 So how does that block Apple from doing just that:   "provide consumers with clear and detailed information"?
If you mean voiding the warranty, Apple and a bunch of other companies already do just that if you break their rules.

A key component of the Act is : Warrantors cannot require that only OEM parts be used with the product in order to retain the warranty. This is commonly referred to as the "tie-in sales" provisions and is frequently mentioned in the context of third-party computer parts, such as memory and hard drives. 

Apple can't tie warranty validity to using 1st party or authorized parts and service.  That would be a tie-in.