Wednesday, January 9, 2019

Chinese Researcher's Face ID Hacking Talk Canceled By Employer

From Engineering & Technology, Jan. 4: 

Face ID hacking talk pulled from cyber-security conference
A cyber-security researcher has cancelled a hacking conference presentation explaining how Apple’s facial recognition technology can be tricked, after his employer demanded that he withdraw from the event, Reuters has reported. 

Wish Wu, a China-based cyber-security reporter, had prepared a briefing for the Black Hat Asia conference in March. The briefing would explain how he cracked Apple’s biometric facial recognition (Face ID), the highly secure unlock option for users of recent iPhone and iPad models.
Face ID was introduced in September 2017 with the iPhone X and is now incorporated into all new Apple phones and tablets. A sensor projects a grid of tiny infrared dots onto the face of the user, with the resulting unique pattern used to generate a 3D map of the face. Authentication is given when this matches the face of the registered user.

According to Apple, Face ID is extremely secure, with just a one in one million chance of a random person unlocking a device using facial recognition, compared with a one in 50,000 chance for Touch ID, the previously used biometric security measure which provides authentication by scanning the user’s fingerprint. Face ID is now used not just to unlock devices, but is also used to authenticate and ensure that other functions are carried out securely, such as financial transactions.

All previous attempts to fool Face ID have failed, including with the use of sophisticated masks and when testing the technology on identical twins. So far, nobody has been able to present a method for successfully tricking Face ID which can be replicated.

Wu planned to describe how Face ID could be tricked in his now-cancelled talk titled ‘Bypass Strong Face ID: Everyone Can Decieve Depth and IR Camera and Algorithms’. According to the abstract for the talk, Face ID can be tricked using simply an image printed on ordinary paper and tape. However, Wu’s employer, Ant Financial, called his work “misleading”.
The researcher told Reuters that his employer asked him to withdraw the talk and that he had agreed as he was only able to reproduce the trick on the iPhone X under certain conditions; the trick did not work at all with the new iPhone XS and XS Max handsets.

“In order to ensure the credibility and maturity of the research results, we decided to cancel the speech,” he told Reuters on Twitter....MORE
Methinks there may be more to this story than we are being told.
Meanwhile E&T reports on U.S. tech innovation: 
Delivery bots rolled out for California students with ‘on-demand snacking mentality’