Apple iPhone X FaceID Compromise By 3D Mask? or FUD
Ping!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
First of all, their VP of Cyber Security is swiping up immediately as soon as the enter passcode screen appears when the iPhone X comes on . . . but THAT IS NOT WHAT HAPPENS when an iPhone X comes on.
The passcode screen appears only when you want to enter the passcode if you are not going to open it without FaceID by swiping up and then waiting from the normal lock screen after it does not recognize your face. It does NOT appear just when you start the iPhone X. It will only appear when there is a problem with FaceID or you have not trained the iPhone X for FaceID.
Secondly, I noted is Bkav stated they were going to have a FaceID mask WITHOUT a passcode. SAY WHAT? That is not possible. Apple has programed the iPhone X to not allow a FaceID without a passcode as a safety fall back.
Thirdly, I watched the lock at the top of the screen. . . and it NEVER, EVER ANIMATED the UNLOCK motion of a padlock unlocking. He just quickly swiped up and the ten key unlock screen disappeared to reveal the home screen as if he had actually unlocked the screen. On my iPhone X, if I attempt to swipe up before that padlock unlocks, it is not unlocked. And my lock screen bounces back down. His motion is TOO QUICK to see what is actually happening.
Fourthly, the FAQ above about "covering half your face and it still works" is completely bogus". I just sat here and covered various halves of my face and the lock shook "NO" each time and refused to unlock with each half covered, no matter what half I had covered. So, they lied.
As Judge Judy says, you lie in one part of your testimony, all must be suspect.
Fifthly, the claim that a working 3D mask could be made from a photograph is entirely bogus. No mere artist working from a photo can ever construct a truly accurate 3D image of the real person the photo imaged. It is just not possible. There are just too many variables. Yet, Bkav tosses this off as something easy.
Sixth, the masks that Apple created to do their testing were far more sophisticated than Bkav's mask. These professional mask makers made masks that are indistinguishable from their models, down to the micrometer and they failed to unlock FaceID. Bkav making their mask's nose out of silicone by hand, especially ad hoc, means NOTHING dispositive because the infrared light is not going to treat it differently than it would a real nose, makeup, or any other surface. This is just bogus magician's patter, misdirection, by use of techy terms, just as is the claim of "using an artist to make the skin surface," to sound like it was really important to make a mask that was "so complex" to "fool the AI."
Seventhly, say that again: "Fool the AI"? The "AI" is a fast calculating Neural Engine that can do 600 billion calculations per second to adjust for every possible angle the face may be looking at the sensor and comparing to the reference face data.
Eighthly, one of the things FaceID is looking for is an actual look from the user's eyes toward the sensor. . . something a MASK, especially one mounted as this one is, with fake eyes, cannot do.
Ninthly, the amount of time it would take to make such a mask to target any individual iPhone X user is most longer than the maximum 48 hours FaceID would likely be available to unlock the device on a trial and error testing that such a mask obviously holds. . . during which time it could be disabled in minutes by FindMyiPhone if stolen or lost. Any of the targets they list were arrested, kidnapped, or compromised, etc., they'd be smart to have someone trusted left, say their attorneys, with instructions to brick their iOS devices they have with them. So much for this as a security issue.
Finally, this is a company that is NOT a security firm. They are a company that SELLS a competing ANDROID PHONE. . . one that uses a fingerprint sensor for security, these claims are really suspect. . . and they are attempting to push their phone's security as being much more secure than Apple FaceID.
From all of the above, I think that it appears that what they are doing here is bringing up a static screen shot of the passcode entry screen and merely swiping up to reveal the home screen. The timing is right, the speed is right, and the motive is there.
This is the typical approach of a marketing ploy of a company with something to sell smearing the more secure competitor claiming they've found a way around their competitor's security. . . by spreading Fear, Uncertainty, and Doubt.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Who would go to the trouble of making such a mask though? And how would they do it without you knowing something was up?
Thanks for posting this bro.
"We're professionals. Don't try this at home. It won't work for you, because you're not a professional..."