Posted on 11/13/2017 12:00:42 PM PST by ImJustAnotherOkie
Using a 3D printer, the team at Vietnamese security firm Bkav created a mask that managed to fool Apples Face ID authentication system.
Using a composite 3D-printed mask, a team of Vietnamese researchers claim to have fooled Apple's Face ID authentication system in "super-premium" iPhone X, stressing that face recognition is "not mature enough" to guarantee security for smartphones.
At iPhone X launch event, Apple's Senior Vice President Phil Schiller had claimed that Face ID can distinguish human's real face from masks, thanks to its artificial intelligence (AI).
Using a 3D printer, the team at Vietnamese security firm Bkav created a mask that cost them $150.
"Nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition nine years ago). The skin was also hand-made to trick Apple's Artificial Intelligence," Bkav said in a blog post.
"The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID," said Ngo Tuan Anh, Bkav's Vice President of Cyber Security.
The Bkav security experts who also posted a video on how they did this, said that Face ID can be fooled by mask, which means it is not an effective security measure.
In 2008, Bkav was the first company in the world to show that face recognition was not an effective security measure for laptops when Toshiba, Lenovo and Asus used this technology for their products.
"Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it," the firms said on its FAQ page.
"In the future, we might use smartphones with 3D scanning capabilities (like Sony XZ1); or set up a room with a 3D scanner, a few seconds is enough for the scanning (here's an example of a 3D scanning booth)," it added.
Face ID projects more than 30,000 invisible IR dots and claims to only unlocks iPhone X when customers look at it and is designed to prevent spoofing by photos or masks.
Apple's Face ID technology uses a TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator, and is powered by A11 Bionic to accurately map and recognise a face.
According to the firm, the recognition mechanism is not as strict as one thinks and Apple seems to rely too much on Face ID's AI.
"We just need half a face to create the mask. It was even simpler than we ourselves had thought," Bkav said.
According to the firm, if exploited, Face ID can create problem.
It’s a slippery slope.
Someone needs to nip this in the bud.
I think you’re putting the wrong slant on it.
Face ID beaten by mask, not an effective security measure (with Video)
You mean Wong Slant?
Not true. iPhone X 3d facial recognition includes an iris scan.
We’ll see, there were reports of loosening up for manufacturing reasons and that may have been jettisoned. Apple msy have be less than candid.
Depends how you orient the phone.
Both good ones! Sometimes you almost forget how much fun being politically incorrect used to be. The Wi Tu Lo and Sum Ting Wong jokes when the Asian pilots crashed that jumbo jet a few years ago were great. We need more of this stuff!
... or hold obama's phone up to my ass and stop global warming?
First of all, their VP of Cyber Security is swiping up immediately as soon as the enter passcode screen appears when the iPhone X comes on . . . but THAT IS NOT WHAT HAPPENS when an iPhone X comes on.
The passcode screen appears only when you want to enter the passcode if you are not going to open it without FaceID by swiping up and then waiting from the normal lock screen after it does not recognize your face. It does NOT appear just when you start the iPhone X. It will only appear when there is a problem with FaceID or you have not trained the iPhone X for FaceID.
Secondly, I noted is Bkav stated they were going to have a FaceID mask WITHOUT a passcode. SAY WHAT? That is not possible. Apple has programed the iPhone X to not allow a FaceID without a passcode as a safety fall back.
Thirdly, I watched the lock at the top of the screen. . . and it NEVER, EVER ANIMATED the UNLOCK motion of a padlock unlocking. He just quickly swiped up and the ten key unlock screen disappeared to reveal the home screen as if he had actually unlocked the screen. On my iPhone X, if I attempt to swipe up before that padlock unlocks, it is not unlocked. And my lock screen bounces back down. His motion is TOO QUICK to see what is actually happening.
Fourthly, the FAQ above about "covering half your face and it still works" is completely bogus". I just sat here and covered various halves of my face and the lock shook "NO" each time and refused to unlock with each half covered, no matter what half I had covered. So, they lied.
As Judge Judy says, you lie in one part of your testimony, all must be suspect.
Fifthly, the claim that a working 3D mask could be made from a photograph is entirely bogus. No mere artist working from a photo can ever construct a truly accurate 3D image of the real person the photo imaged. It is just not possible. There are just too many variables. Yet, Bkav tosses this off as something easy.
Sixth, the masks that Apple created to do their testing were far more sophisticated than Bkav's mask. These professional mask makers made masks that are indistinguishable from their models, down to the micrometer and they failed to unlock FaceID. Bkav making their mask's nose out of silicone by hand, especially ad hoc, means NOTHING dispositive because the infrared light is not going to treat it differently than it would a real nose, makeup, or any other surface. This is just bogus magician's patter, misdirection, by use of techy terms, just as is the claim of "using an artist to make the skin surface," to sound like it was really important to make a mask that was "so complex" to "fool the AI."
Seventhly, say that again: "Fool the AI"? The "AI" is a fast calculating Neural Engine that can do 600 billion calculations per second to adjust for every possible angle the face may be looking at the sensor and comparing to the reference face data.
Eighthly, one of the things FaceID is looking for is an actual look from the user's eyes toward the sensor. . . something a MASK, especially one mounted as this one is, with fake eyes, cannot do.
Ninthly, the amount of time it would take to make such a mask to target any individual iPhone X user is most longer than the maximum 48 hours FaceID would likely be available to unlock the device on a trial and error testing that such a mask obviously holds. . . during which time it could be disabled in minutes by FindMyiPhone if stolen or lost. Any of the targets they list were arrested, kidnapped, or compromised, etc., they'd be smart to have someone trusted left, say their attorneys, with instructions to brick their iOS devices they have with them. So much for this as a security issue.
Finally, this is a company that is NOT a security firm. They are a company that SELLS a competing ANDROID PHONE. . . one that uses a fingerprint sensor for security, these claims are really suspect. . . and they are attempting to push their phone's security as being much more secure than Apple FaceID.
From all of the above, I think that it appears that what they are doing here is bringing up a static screen shot of the passcode entry screen and merely swiping up to reveal the home screen. The timing is right, the speed is right, and the motive is there.
This is the typical approach of a marketing ploy of a company with something to sell smearing the more secure competitor claiming they've found a way around their competitor's security. . . by spreading Fear, Uncertainty, and Doubt.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
The title is the only thing that made it worth posting.
You have to be awake and actually look at the sensor for it to unlock. I've tried to have my iPhone X unlock with my eyes closed, or even open without looking at it, and it will not unlock. It detects when the user actually makes eye contact with the sensor.
That is one of the critiques I made on this claim by Bkav's supposed mask hack. Wired attempted to do the same thing with professionally made masks, or the masks that Apple had made by Hollywood mask makers that were indistinguishable from the actual people. . . and had eyes that moved. The Bkav claims were full of technical gobbledegook that totals to NOTHING. It was the equivalent of a magician's patter, intended to distract from the actual lack of evidence.
There claims on their mask are completely bogus too:
They claim that the nose being made out of silicone somehow makes a difference (Wired tried masks made of silicone along with four other materials), especially when their VP of Cyber Security states that they just sort of cobbled an ad hoc version of their tech's nose together when the accurate 3D printed one didn't work, and that an "artist" applied the skin texture on the rest of the surfaces, as if an artist's interpretation of skin, were somehow better than a machine accurate creation were not.
Bkav claimed they noticed that they could cover half of the user's face and it would iPhone X would still unlock, i.e. only half a face would work. That was the key to creating their mask. I have tried that multiple times on my iPhone X and it DOES NOT WORK. No matter what part of my face I cover with a block, it will not open with half of my face covered. Their claim is BOGUS. The only way it would work is if the TRAINED the phone to work with a half face.
Many critics of their demo are pointing out that on opening the iPhone X, doesn't come open to a normal iPhone lock screen, but instead opens on the passcode entry screen which is NOT at all normal behavior of the OS. In addition, Bkav claims they set FaceID up without a passcode. . . but iOS will NOT permit a user to setup FaceID WITHOUT a safety backup PASSCODE, because if FaceID fails to unlock the device, you must be able to unlock the device with a passcode!
The Demo opens on a passcode screen, prima facie evidence the lied about there being no passcode. . . which you would not see if there were no passcode.
I think all the demo shows is a screen grabbed image of the passcode entry screen and swiping up of the photo app to the home screen of an already runlocked iPhone.
That's a different war. . .
Apple is seldom completely candid on security details. But in this case they did not jettison anything in the FaceID. What was claimed about "loosening up" was going for fewer dots in the infrared projector and sensor. That they did not do.
What is done is a sensor that requires the user to actually LOOK at the phone. I've tried to unlock my iPhone X without looking at it and it simply will not do it. I've tried full face with my eyes looking elsewhere, eyes closed, eyes down, etc. and it refuses to unlock until I actually look at the screen. Then, and only then will it unlock. That's one of the reasons I really doubt Bkav's claims for the mask; it has no eyes to look at the screen. . . add that to the fact that the padlock icon NEVER animates the bail in their demo when it should!
Thanks for that. Now I can explain to my kid & he might actually think I know something.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.