Wired is running a story of hackers claiming to have broken Face ID on the new iPhone X.
When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.
On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.
On a similar note Apple has repeatedly fought working with governments to unlock phones, if the police have a dead or detained criminal what is to stop them from just pointing the phone at their face and getting all the juicy data bits inside? Does Face ID *help* police/governments?
(Score: 1, Insightful) by Anonymous Coward on Tuesday November 14 2017, @05:06PM (9 children)
"User ID" is just the portion of a password that a user seemingly doesn't mind being published widely.
(Score: 0) by Anonymous Coward on Tuesday November 14 2017, @05:14PM (6 children)
"Password" is just the portion of a user ID that a user seemingly wants to keep as secret as possible.
(Score: -1, Offtopic) by Anonymous Coward on Tuesday November 14 2017, @05:32PM
"I'm on fire! Everything's on fire! Save me, Jesus!"
- Steve
(Score: 3, Touché) by bob_super on Tuesday November 14 2017, @05:46PM (4 children)
"Password" is covered by the fifth, while "biometric" isn't...
(Score: 0) by Anonymous Coward on Tuesday November 14 2017, @06:09PM (3 children)
But what amendment protects this insane level of pedantry?
(Score: 2) by bob_super on Tuesday November 14 2017, @06:34PM (1 child)
The first.
(Score: 2) by Gaaark on Wednesday November 15 2017, @01:31AM
Why?
Who's on first?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Tuesday November 14 2017, @06:34PM
The anti-1st?
(Score: 4, Insightful) by darkfeline on Tuesday November 14 2017, @10:12PM (1 child)
Why is this marked insightful? This is wrong.
Identification != authentication
The purpose of an ID is to uniquely IDentify a user. If you need to refer to a specific user, you cannot say "the user with the password password" because we all know half of your users use that password.
Instead you say "the user with the username foo".
In the "real world", things that are often used for identification include national ID numbers, Social Security (*gasp* it's for identification, not authentication), driver's license number, and name+address.
The thing is, all of those have downsides, and using biometrics is really really good ID. Almost certainly unique when combining multiple types, no need for a centralized database.
Of course, identification != authentication. Don't use biometrics for auth, you lowlives.
Join the SDF Public Access UNIX System today!
(Score: 2) by Gaaark on Wednesday November 15 2017, @01:39AM
Except for computer systems that make you type in a username AND a password, the username CAN be almost like a password: you have to guess the username AND the password.
If you don't know that Gaaark username for his laptop is Unic0rnPr0n, you have to guess correctly both username and password.
I'd rather someone have to guess both than just use my face.
***Or, did I misunderstand your point?? Tired...might have.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---