Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Tuesday November 14 2017, @04:42PM   Printer-friendly
from the steal-your-face dept.

Wired is running a story of hackers claiming to have broken Face ID on the new iPhone X.

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.

On a similar note Apple has repeatedly fought working with governments to unlock phones, if the police have a dead or detained criminal what is to stop them from just pointing the phone at their face and getting all the juicy data bits inside? Does Face ID *help* police/governments?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by tangomargarine on Tuesday November 14 2017, @07:06PM (2 children)

    by tangomargarine (667) on Tuesday November 14 2017, @07:06PM (#596915)

    What is best for society would be a system in which we maintain all ability to protect ourselves, but an agent of the law can through transparent due process obtain all evidence that exists in the course of a single investigation. I don't see how this is technically possible, but it's what we need.

    It wouldn't be hard with PKI and key escrow. The problem is how trustworthy the government agent is who gets the copy of your key.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by meustrus on Tuesday November 14 2017, @11:14PM (1 child)

    by meustrus (4961) on Tuesday November 14 2017, @11:14PM (#597049)

    If you create a backdoor key, anybody can steal the backdoor key. If you create a backdoor key that applies to every single lock, stealing that one key becomes exponentially more valuable. The same goes for separate backdoor keys for every lock that are all kept in the same place.

    Information security is about keeping secrets. The moment you have told anybody else, your attack vector expands to include theirs.

    --
    If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
    • (Score: 2) by tangomargarine on Wednesday November 15 2017, @03:52PM

      by tangomargarine (667) on Wednesday November 15 2017, @03:52PM (#597323)

      Give the government agent your original key; there's no backdoor involved at all.

      It's easy to do technically, it's just not a very good idea. At that point everything hinges on 1) the security of the government key escrow system, and B) how robust and trustworthy the process for obtaining permission to use the keys is.

      Information security is about keeping secrets. The moment you have told anybody else, your attack vector expands to include theirs.

      Yup. But of course the point of this whole "secure backdoor encryption" nonsense isn't to make *us* more secure; it's to help the government get their greasy fingers into all of our data.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"