Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Tuesday November 14 2017, @04:42PM   Printer-friendly
from the steal-your-face dept.

Wired is running a story of hackers claiming to have broken Face ID on the new iPhone X.

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.

On a similar note Apple has repeatedly fought working with governments to unlock phones, if the police have a dead or detained criminal what is to stop them from just pointing the phone at their face and getting all the juicy data bits inside? Does Face ID *help* police/governments?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday November 14 2017, @05:06PM (9 children)

    by Anonymous Coward on Tuesday November 14 2017, @05:06PM (#596864)

    "User ID" is just the portion of a password that a user seemingly doesn't mind being published widely.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @05:14PM (6 children)

    by Anonymous Coward on Tuesday November 14 2017, @05:14PM (#596867)

    "Password" is just the portion of a user ID that a user seemingly wants to keep as secret as possible.

    • (Score: -1, Offtopic) by Anonymous Coward on Tuesday November 14 2017, @05:32PM

      by Anonymous Coward on Tuesday November 14 2017, @05:32PM (#596873)

      "I'm on fire! Everything's on fire! Save me, Jesus!"
      - Steve

    • (Score: 3, Touché) by bob_super on Tuesday November 14 2017, @05:46PM (4 children)

      by bob_super (1357) on Tuesday November 14 2017, @05:46PM (#596878)

      "Password" is covered by the fifth, while "biometric" isn't...

      • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @06:09PM (3 children)

        by Anonymous Coward on Tuesday November 14 2017, @06:09PM (#596887)

        But what amendment protects this insane level of pedantry?

        • (Score: 2) by bob_super on Tuesday November 14 2017, @06:34PM (1 child)

          by bob_super (1357) on Tuesday November 14 2017, @06:34PM (#596897)

          The first.

          • (Score: 2) by Gaaark on Wednesday November 15 2017, @01:31AM

            by Gaaark (41) on Wednesday November 15 2017, @01:31AM (#597085) Journal

            Why?

            Who's on first?

            --
            --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @06:34PM

          by Anonymous Coward on Tuesday November 14 2017, @06:34PM (#596899)

          The anti-1st?

  • (Score: 4, Insightful) by darkfeline on Tuesday November 14 2017, @10:12PM (1 child)

    by darkfeline (1030) on Tuesday November 14 2017, @10:12PM (#597013) Homepage

    Why is this marked insightful? This is wrong.

    Identification != authentication

    The purpose of an ID is to uniquely IDentify a user. If you need to refer to a specific user, you cannot say "the user with the password password" because we all know half of your users use that password.

    Instead you say "the user with the username foo".

    In the "real world", things that are often used for identification include national ID numbers, Social Security (*gasp* it's for identification, not authentication), driver's license number, and name+address.

    The thing is, all of those have downsides, and using biometrics is really really good ID. Almost certainly unique when combining multiple types, no need for a centralized database.

    Of course, identification != authentication. Don't use biometrics for auth, you lowlives.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 2) by Gaaark on Wednesday November 15 2017, @01:39AM

      by Gaaark (41) on Wednesday November 15 2017, @01:39AM (#597088) Journal

      Except for computer systems that make you type in a username AND a password, the username CAN be almost like a password: you have to guess the username AND the password.

      If you don't know that Gaaark username for his laptop is Unic0rnPr0n, you have to guess correctly both username and password.

      I'd rather someone have to guess both than just use my face.

      ***Or, did I misunderstand your point?? Tired...might have.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---