A cyber-security researcher cancelled a hacking Convention briefing on how he said he could crack biometric facial recognition on Apple iPhones, at the request of his Company, which called the Job”misleading.”
The possibility that Face ID could be defeated is troubling because it’s used to lock functions on tens of millions of iPhones from banking and healthcare programs to mails, text messages and photographs.
There’s a one in 1 million chance that the random person could unlock a Face ID, versus one in 50,000 chance that would happen with the iPhone’s fingerprint detector, based on Apple.
Face ID has shown more secure than its predecessor, Touch ID, that utilizes fingerprint detectors to unlock iPhones. Touch ID was defeated within a few days of its 2013 release.
Wu told Reuters that his company, Ant Financial, asked him to withdraw the talk from Black Hat, among the largest and most prestigious organisers of hacking conferences.
Ant Financial’s Alipay payment system is compatible with facial recognition technologies including Face ID.
Nobody has publicly released details on a successful Face ID hack that others have been able to replicate since Apple introduced the feature in 2017 using the iPhone X$74,999, based on biometric security specialists. The company has introduced three other Face ID mobiles: iPhone XS$93,436, XS Max$103,074, and XR.
Wu told Reuters that he agreed with the decision to draw his conversation, saying that he was only able to replicate hacks on iPhone X under certain conditions, but it did not work with iPhone XS and XS Max.
“To be able to ensure the credibility and maturity of their research results, we decided to cancel the speech,” he told Reuters at a remark on Twitter.
“The study on the face ID verification mechanism is faulty and would be misleading if introduced,” Ant Financial said in a statement.
Black Hat withdrew a abstract of this discussion from its website in late December after Ant uncovered problems with the research.
The abstract maintained that Face ID could be hacked using an image printed on an ordinary black printer and some tape. The only other claim of a Face ID hack was 2017 with a Vietnamese cyber-security firm Bkav, which introduced it on YouTube videos. Other researchers have not been able to replicate that attack.
Apple’s facial recognition utilizes a mix of cameras and special sensors to catch a three-dimensional scan of a face which enables it to identify spoofs with photos or figure out whether the user is asleep or otherwise not looking at the phone.
It’s rare for discussions to be pulled out of cyber-security conferences such as Black Hat, whose events are attended by specialists looking to understand emerging hacking threats.
Black Hat told Reuters it had accepted Wu’s discussion because Wu convinced its inspection board that he would pull off the hack.
“Black Hat approved the talk after considering the hack could be replicated based on the materials furnished by the researcher,” summit spokeswoman Kimberly Samra said.
Anil Jain, a Michigan State University computer science professor who’s an expert on facial recognition, said he was amazed by Wu’s claim since Apple has invested heavily into”anti-spoofing” technology which makes these hacks very difficult.