Wired is running a story of hackers claiming to have broken Face ID on the new iPhone X.
When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.
On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.
On a similar note, Apple has repeatedly fought working with governments to unlock phones. If the police have a dead or detained criminal, what is to stop them from just pointing the phone at their face and getting all the juicy data bits inside? Does Face ID *help* police/governments?
(Score: 2) by tangomargarine on Tuesday November 14 2017, @07:06PM (2 children)
It wouldn't be hard with PKI and key escrow. The problem is how trustworthy the government agent is who gets the copy of your key.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by meustrus on Tuesday November 14 2017, @11:14PM (1 child)
If you create a backdoor key, anybody can steal the backdoor key. If you create a backdoor key that applies to every single lock, stealing that one key becomes exponentially more valuable. The same goes for separate backdoor keys for every lock that are all kept in the same place.
Information security is about keeping secrets. The moment you have told anybody else, your attack vector expands to include theirs.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 2) by tangomargarine on Wednesday November 15 2017, @03:52PM
Give the government agent your original key; there's no backdoor involved at all.
It's easy to do technically; it's just not a very good idea. At that point everything hinges on 1) the security of the government key escrow system, and B) how robust and trustworthy the process for obtaining permission to use the keys is.
Yup. But of course the point of this whole "secure backdoor encryption" nonsense isn't to make *us* more secure; it's to help the government get their greasy fingers into all of our data.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"