Hackers Claim to Have Broken Apple's Facial Recognition



  • Hackers, who refuse to provide a lot of information, claim to have already defeated Apple's new facial recognition biometrics system on their new iPhones with the latest iOS. The claim is far from substantiated at this point and could easily be nothing more than a hoax. But the firm has made some serious first hacks in the past, so there is a chance that this is serious.


  • Service Provider

    Given other biometric track records, as fishy as the claim is, I'm betting that it is real.



  • They broke the facial recognition? What did they do, drop it from a couple of feet off the ground?



  • @rojoloco said in Hackers Claim to Have Broken Apple's Facial Recognition:

    They broke the facial recognition? What did they do, drop it from a couple of feet off the ground?

    That just obliterates the rest of the phone. My guess is they held up a picture in front of it... or a mannequin.


  • Service Provider

    @dafyre said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @rojoloco said in Hackers Claim to Have Broken Apple's Facial Recognition:

    They broke the facial recognition? What did they do, drop it from a couple of feet off the ground?

    That just obliterates the rest of the phone. My guess is they held up a picture in front of it... or a mannequin.

    3D printed prosthetics.



  • @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @dafyre said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @rojoloco said in Hackers Claim to Have Broken Apple's Facial Recognition:

    They broke the facial recognition? What did they do, drop it from a couple of feet off the ground?

    That just obliterates the rest of the phone. My guess is they held up a picture in front of it... or a mannequin.

    3D printed prosthetics.

    Apple specifically tested against the face mask trick and talked about it in the release, plus part of the login involved retina scan having your eyes open and facing the screen. If you close your eyes it will not log in. Even if you close one eye.

    This is dubious and likely involved a scan that was initially scanned wrong in some way.



  • Searching around I find it odd that no Apple site is reporting this, and they are usually the first to knee-jerk on anything positive or negative with Apple products.

    Is it fake news?



  • This seems to be the source of all this....

    Youtube Video


  • Service Provider

    The news is absolutely real. The news is that hackers are claiming something.



  • I'm not really surprised by this. I don't understand everything about the authentication mechanism, but common sense tells me any biometric ID system can be defeated by providing a good enough replica of the thing that's being matched / measured.



  • @eddiejennings said in Hackers Claim to Have Broken Apple's Facial Recognition:

    I'm not really surprised by this. I don't understand everything about the authentication mechanism, but common sense tells me any biometric ID system can be defeated by providing a good enough replica of the thing that's being matched / measured.

    It's a hoax...

    https://techcrunch.com/2017/11/13/apple-face-id-bkav-hack/

    "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. Remarkably, in spite of their fairly elaborate efforts — including “details like eyeholes designed to allow real eye movement” and “thousands of eyebrow hairs inserted into the mask intended to look more like real hair” — Wired and Cloudflare didn’t succeed. Wired also reported on the Bkav hack, comparing its own efforts against what we can glean from the video.

    If the notion that a $150-mask with far less detail could fool Face ID strains credulity, that healthy skepticism is probably merited."



  • Also in the initial unveiling of iPhone X they showed the very elaborate efforts Apple made to hack its own technology, with masks and every other trick they could come up with.

    What this guy is showing in the video could easily be Face ID turned off completely. He should have showed himself unlocking it with Face ID, then showed the mask working, and in between shown his settings without cutting away from the phone.

    And even then it's still likely faked.


  • Service Provider

    @bigbear said in Hackers Claim to Have Broken Apple's Facial Recognition:

    If the notion that a $150-mask with far less detail could fool Face ID strains credulity, that healthy skepticism is probably merited."

    It's a $150 worth of materials mask, from the description, the mask is likely tens of thousands of dollars to have made. It's partially hand sculpted, partially printed, etc.

    I think both sides are overly dismissive here. On the one side, the claim is not well substantiated. On the other side, they are so anxious to dismiss it that it feels like genuine panic.


  • Service Provider

    From the same article:

    "It’s alarming to hear of any workaround for sophisticated consumer security tech, but even if some kind of mask hack ends up working, it doesn’t exactly scale to the average consumer. If you’re concerned that someone might want into your devices badly enough that they’d execute such an involved plan to steal your facial biometrics, well, you’ve probably got a lot of other things to worry about as well. "

    Um, either it's a $150 key, or it's an elaborate system. Can't be both. If you can have someone make a "get into someone's phone for $150 tool" then it's trivial to break into your phone, that's cheap enough to do it for casual theft reasons, like to just steal the phone, let alone the data on it.


  • Service Provider

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.


  • Service Provider

    Also: "Remarkably, in spite of their fairly elaborate efforts — including “details like eyeholes designed to allow real eye movement”...

    Eye holes are elaborate? Is TechCrunch really using this as their logic?


  • Service Provider

    This sums it up: "If the notion that a $150-mask with far less detail could fool Face ID strains credulity, that healthy skepticism is probably merited. At the same time, Bkav isn’t a totally random name in security research: the company published a report on weaknesses in Asus, Lenovo and Toshiba facial recognition tech back in 2009, so it’s clearly been thinking about this kind of stuff. Why it might undermine any potential credibility with a bogus FaceID hack is beyond us..."

    The $150 bit is FUD, that means nothing as they described it earlier. What's important is that this is a known research firm with a track record - that's the cause for concern. This is a company putting their reputation on the line for this. While we need them to back it up, if we are using guidelines like "$150 mask seems silly because joke-of-a-magazine Wired didn't figure it out" vs. "a known security researcher says that they can do it", one means nothing and one means a lot. The logic that TechCrunch is using to discredit the find is, simply, ridiculous. TechCrunch itself has given up credibility here.

    That doesn't mean that the claim is founded, it seems awfully fake. But TC's response to it... is a total joke.



  • Fooling any facial rec before now would be dubious. While I'm not getting the first X I believe what Apple has created will pave the way and having everyone following suit for years as usual (with hardware).

    The video lacks any effort to solidify itself as valid.

    I think the comment about mask holes is more complicated than it reads. The fact that Apple displayed masks they created to fool its tech in the intro video (far better than what's displayed here) and still couldn't fool it speaks more to me than anything.

    The same BS and FUD was circulating when Apple started fingerprint scanners, then everyone followed suit. There were articles about thieves cutting off fingers and claims that fingerprint molds fooled the tech.

    What's hilarious is my Google news feed is full of these articles, that no one will read, and this weekend some guy at the bar is gonna be talking about "did you hear they hacked that face ID"


  • Service Provider

    It's definitely a long way from anyone showing that it has been hacked. But right now, it's just a bunch of online rags trying to come up with headline material when the entire actual story is "slightly known hacking firm with a history in challenging facial recognition systems claims success in hacking recent biometric product." That's it. That's the whole story. There's no reason to believe that it is real other than the fact that the group isn't new and has done this before, and the attempts to show it is false are... empty. That it is "hard for others" to crack it isn't relevant, it's actually really silly to state.

    It's a bit like some random kid saying he used a lock pick and broke into my house, with nothing to back up his claim. Then my drunk hillbilly neighbour saying that since he and two random drunk guys from his work couldn't work a lockpick and therefore the entire theory of lockpicking was invalid.

    Right now, the challenge is figuring out who is the bigger bluffer.


  • Service Provider

    The tough part is that because there aren't real details of the claim to refute, instead of people saying "let's wait and see if they did something unique", they are just saying "Apple is flawless and could not get this wrong, period... and random people who have zero skill at this can't do it so people who are skilled and specialized can't do it."

    If anything, the greatest concern is just how panicky people are about it being hackable that they have to refute the possibility so much in such bad ways. They doth protest too much, is the real issue here.

    Is the tech hackable? Of course, that is without question. The only questions are how hard is it to hack, and has anyone actually done it yet.



  • @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    It's definitely a long way from anyone showing that it has been hacked. But right now, it's just a bunch of online rags trying to come up with headline material when the entire actual story is "slightly known hacking firm with a history in challenging facial recognition systems claims success in hacking recent biometric product." That's it. That's the whole story. There's no reason to believe that it is real other than the fact that the group isn't new and has done this before, and the attempts to show it is false are... empty. That it is "hard for others" to crack it isn't relevant, it's actually really silly to state.

    It's a bit like some random kid saying he used a lock pick and broke into my house, with nothing to back up his claim. Then my drunk hillbilly neighbour saying that since he and two random drunk guys from his work couldn't work a lockpick and therefore the entire theory of lockpicking was invalid.

    Right now, the challenge is figuring out who is the bigger bluffer.

    I give Wired and Cloudflare more credence than the hack who made that video. It's clearly avoiding the obvious.



  • @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.

    yeah I was definitely wondering why CF was involved in this testing at all? Seemed very weird.



  • With Wired magazine it's basically all about BS articles that are paid marketing. No separation of Ad sales and journalism at all.

    When I saw the article about the first Samsung watch and they had the two Korean execs in a photoshop talking about innovation I cracked up. I got that in 2014, it died inside of 2 weeks. I couldn't get anyone to do anything about it. Plus it was a bulky POS.

    I knew then Wired was shill.


  • Service Provider

    @dashrender said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.

    yeah I was definitely wondering why CF was involved in this testing at all? Seemed very weird.

    Yes, very fishy.


  • Service Provider

    @bigbear said in Hackers Claim to Have Broken Apple's Facial Recognition:

    With Wired magazine it's basically all about BS articles that are paid marketing. No separation of Ad sales and journalism at all.

    When I saw the article about the first Samsung watch and they had the two Korean execs in a photoshop talking about innovation I cracked up. I got that in 2014, it died inside of 2 weeks. I couldn't get anyone to do anything about it. Plus it was a bulky POS.

    I knew then Wired was shill.

    Yeah, that's why I'm struggling to believe their rebuttal. A known marketing shill is protecting Apple from a known security research firm. Which is more likely to be legit? Based only on knowing who each company is, Wired seems by far the less credible.


  • Service Provider

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @dashrender said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.

    yeah I was definitely wondering why CF was involved in this testing at all? Seemed very weird.

    Yes, very fishy.

    WTF people can you all not read?

    Rogers (now employed by Cloudflare) is famous for being one of the first to break TouchID, as well as having been in the security field forever.

    http://marcrogers.org/about/



  • @jaredbusch said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @dashrender said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.

    yeah I was definitely wondering why CF was involved in this testing at all? Seemed very weird.

    Yes, very fishy.

    WTF people can you all not read?

    Rogers (now employed by Cloudflare) is famous for being one of the first to break TouchID, as well as having been in the security field forever.

    http://marcrogers.org/about/

    Youtube Video


  • Service Provider

    @jaredbusch said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @dashrender said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.

    yeah I was definitely wondering why CF was involved in this testing at all? Seemed very weird.

    Yes, very fishy.

    WTF people can you all not read?

    Rogers (now employed by Cloudflare) is famous for being one of the first to break TouchID, as well as having been in the security field forever.

    http://marcrogers.org/about/

    If that was the case, they'd mention him as a specialist, not his employer in an unrelated field.

    I might be an amazing pastry chef, but work as a manager in a manufacturing plant, you don't write an article saying that I helped design a cake by saying that "Big Box Manufacturing consulted on cake design."


  • Service Provider

    CloudFlare is in the security field, but not the facial recognition security field. Nor, from what I know, is Marc. The hackers in question are specifically facial recognition hackers.


  • Service Provider

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @jaredbusch said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @dashrender said in Hackers Claim to Have Broken Apple's Facial Recognition:

    @scottalanmiller said in Hackers Claim to Have Broken Apple's Facial Recognition:

    Also of interest, "Prior to the Bkav video, Wired worked with Cloudflare to see if Face ID could be hacked through masks that appear far more sophisticated than the ones the Bkav hack depicts. ".... um, what does a hipster pseudo-tech news publication and a web reverse proxy service have to do with this? These are really suspicious companies to have involved in proving that this tech is solid. Wired is a pretty goofy magazine at best and CF has no expertise (that we know of) in this kind of security, it's nothing to do with their business.

    yeah I was definitely wondering why CF was involved in this testing at all? Seemed very weird.

    Yes, very fishy.

    WTF people can you all not read?

    Rogers (now employed by Cloudflare) is famous for being one of the first to break TouchID, as well as having been in the security field forever.

    http://marcrogers.org/about/

    If that was the case, they'd mention him as a specialist, not his employer in an unrelated field.

    The article I read did.


