Cyber researcher pulls public talk on hacking Apple’s Face ID

In this file photo taken on September 16, 2014 a shop assistant works behind a computer at a store selling Apple products, including the iPhone, in Beijing. (AFP)
Updated 04 January 2019
0

Cyber researcher pulls public talk on hacking Apple’s Face ID

  • The prospect that Face ID could be defeated is troubling because it is used to lock down functions on tens of millions of iPhones
  • There is a one in 1 million chance a random person could unlock a Face ID

NEW YORK: A cybersecurity researcher canceled a hacking conference briefing on how he said he could crack biometric facial recognition on Apple Inc. iPhones, at the request of his employer, which called the work “misleading.”
The prospect that Face ID could be defeated is troubling because it is used to lock down functions on tens of millions of iPhones from banking and health care apps to emails, text messages and photos.
There is a one in 1 million chance a random person could unlock a Face ID, versus one in 50,000 chance that would happen with the iPhone’s fingerprint sensor, according to Apple.
Face ID has proven more secure than its predecessor, Touch ID, which uses fingerprint sensors to unlock iPhones. Touch ID was defeated within a few days of its 2013 launch.
China-based researcher Wish Wu was scheduled to present a talk entitled “Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms” at the Black Hat Asia hacking conference in Singapore in March. Wu told Reuters that his employer, Ant Financial, asked him to withdraw the talk from Black Hat, one of the largest and most prestigious organizers of hacking conferences.
Ant Financial’s Alipay payment system is compatible with facial recognition technologies including Face ID.
Nobody has publicly released details on a successful Face ID hack that others have been able to replicate since Apple introduced the feature in 2017 with the iPhone X, according to biometric security experts. The company has introduced three other Face ID phones: iPhone XS, XS Max and XR.
Wu told Reuters that he agreed with the decision to withdraw his talk, saying he was only able to reproduce hacks on iPhone X under certain conditions, but that it did not work with iPhone XS and XS Max.
“In order to ensure the credibility and maturity of the research results, we decided to cancel the speech,” he told Reuters in a message on Twitter.
An Apple spokesman declined comment.
“The research on the face ID verification mechanism is incomplete and would be misleading if presented,” Ant Financial said in a statement.
Black Hat withdrew an abstract of the talk from its website in late December after Ant uncovered problems with the research.
The abstract claimed that Face ID could be hacked with an image printed on an ordinary black-and-white printer and some tape. The only other claim of a Face ID hack was in 2017 by a Vietnamese cybersecurity company Bkav, which posted it on YouTube videos. Other researchers have not been able to replicate that attack.
Apple’s facial recognition uses a combination of cameras and special sensors to capture a three-dimensional scan of a face that allows it to identify spoofs with photographs or determine if the user is asleep or otherwise not looking at the phone.
It is rare for talks to be pulled from cybersecurity conferences such as Black Hat, whose events are attended by professionals looking to understand emerging hacking threats.
Black Hat told Reuters it had accepted Wu’s talk because Wu convinced its review board he could pull off the hack.
“Black Hat accepted the talk after believing the hack could be replicated based on the materials provided by the researcher,” conference spokeswoman Kimberly Samra said.
Anil Jain, a Michigan State University computer science professor who is an expert on facial recognition, said he was surprised by Wu’s claim because Apple has invested heavily in “anti-spoofing” technology that makes such hacks very difficult.


Russian scientists find defect in new heavy lift space rocket engine

Updated 18 January 2019
0

Russian scientists find defect in new heavy lift space rocket engine

  • The new heavy lift space rocket is capable of carrying more than 20 tons into the orbit
  • Russian President Vladimir Putin said the project is very important for the country's defense

MOSCOW: Scientists have discovered a defect in the engines of Russia’s new flagship heavy lift space rocket that could destroy it in flight, an apparent setback to a project President Vladimir Putin has said is vital for national security.
The Angara A5, which was test-launched in 2014, is being developed to replace the Proton M as Russia’s heavy lift rocket, capable of carrying payloads bigger than 20 tons into orbit. A launch pad for the new rocket is due to open in 2021.
In July, Putin said the Angara A5 had “huge significance” for the country’s defense and called on space agency Roscosmos to work more actively on it and to meet all its deadlines.
The issue with the Angara A5 was brought to attention by scientists at rocket engine manufacturer Energomash in a paper ahead of a space conference later this month.
The paper, reported by RIA news agency on Friday and published online, said the engines of the Angara A5 could produce low frequency oscillations that could ultimately destroy the rocket.
A special valve had been fitted to mitigate the issue, but in some cases the oscillations continued, it said. Energomash did not immediately reply to a request for comment.
Russia’s space program has been dogged by mishaps in recent years, including failed cargo delivery missions into space and the aborted launch in October of the manned Soyuz mission to the International Space Station. Russia’s current heavy lift rocket, the Proton M, has had a nearly 10 percent failure rate in more than 100 launches since it entered service in 2001, creating pressure to reorganize and improve the space program.