Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Tuesday November 14 2017, @04:42PM   Printer-friendly
from the steal-your-face dept.

Wired is running a story of hackers claiming to have broken Face ID on the new iPhone X.

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.

On a similar note Apple has repeatedly fought working with governments to unlock phones, if the police have a dead or detained criminal what is to stop them from just pointing the phone at their face and getting all the juicy data bits inside? Does Face ID *help* police/governments?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by darkfeline on Tuesday November 14 2017, @10:12PM (1 child)

    by darkfeline (1030) on Tuesday November 14 2017, @10:12PM (#597013) Homepage

    Why is this marked insightful? This is wrong.

    Identification != authentication

    The purpose of an ID is to uniquely IDentify a user. If you need to refer to a specific user, you cannot say "the user with the password password" because we all know half of your users use that password.

    Instead you say "the user with the username foo".

    In the "real world", things that are often used for identification include national ID numbers, Social Security (*gasp* it's for identification, not authentication), driver's license number, and name+address.

    The thing is, all of those have downsides, and using biometrics is really really good ID. Almost certainly unique when combining multiple types, no need for a centralized database.

    Of course, identification != authentication. Don't use biometrics for auth, you lowlives.

    --
    Join the SDF Public Access UNIX System today!
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Informative=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by Gaaark on Wednesday November 15 2017, @01:39AM

    by Gaaark (41) on Wednesday November 15 2017, @01:39AM (#597088) Journal

    Except for computer systems that make you type in a username AND a password, the username CAN be almost like a password: you have to guess the username AND the password.

    If you don't know that Gaaark username for his laptop is Unic0rnPr0n, you have to guess correctly both username and password.

    I'd rather someone have to guess both than just use my face.

    ***Or, did I misunderstand your point?? Tired...might have.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---