Black Hat presentation on spoofing Face ID cancelled over incomplete research
A presentation on defeating Apple’s Face ID biometrics scheduled for Black Hat Asia in March has been cancelled after the presenting security researcher was asked by his employer to withdraw it, according to Reuters.
Researcher Wish Wu was scheduled to give a talk titled “Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms,” but his employer Ant Financial asked him to withdraw the presentation, saying it is “incomplete,” and if presented in its current form could be “misleading.” Payments through Ant Financial can be secured with facial recognition, including Face ID.
No hack has been successfully performed and reproduced against Face ID since it was released in 2017, Reuters reports, but a successful spoof attack against its iPhone biometric predecessor Touch ID was confirmed shortly after its release in 2013.
Wu told Reuters that he agreed with the decision to withdraw, and that he could only reproduce the hacks against the iPhone X, not the iPhone XS or XS Max, and only under certain conditions. The abstract of the presentation, which was withdrawn from the Black Hat website in late December, said that an image printed on a normal black-and-white printer, along with some tape, could be used to defeat Face ID.
Vietnamese security company Bkav posted a purported Face ID hack to YouTube in 2017, but the hack has not been replicated by other researchers.
“Black Hat accepted the talk after believing the hack could be replicated based on the materials provided by the researcher,” conference spokeswoman Kimberly Samra told Reuters. Michigan State University professor and biometrics expert Anil Jain said he was surprised by the claim because of Apple’s heavy investment in anti-spoofing technology.
Black Hat Asia 2019 will be held in Singapore in March.
A Forbes reporter recently used a custom 3D-printed head to perform successful spoof attacks on several Android facial recognition systems, but could not fool Face ID. Next generation iPhones are expected to include a more powerful flood illuminator to reduce failed unlock attempts.
ISO provides certification for Presentation Attack Detection (PAD) for facial and other biometrics through labs such as iBeta, and FaceTec scored a perfect score on its Level anti-spoofing test in 2018.