Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
August 9, 2019 6:34 AM
|
Forscher haben zwei verschiedene Wege entwickelt, um die von Sensoren für Stimme, Fingerabdruck oder Gesicht verwendete Lebenderkennung des iPhone aushebeln. Eine der Methoden ist technisch aufwändig – die andere erschreckend simpel und für jedermann machbar.
HC Ma von Tencent Security demonstrierte während der Black Hat 2019 die Forschungsergebnisse seiner Kollegen, die mangels Visum nicht selbst vortragen konnten. Die Hacker nahmen sich die Verfahren vor, mit denen Sensoren zur Erkennung von Gesicht, Stimme, Fingerabdruck, Iris oder Handballen feststellen, ob ein lebender Mensch mit ihnen interagiert – oder nur ein Foto beziehungsweise eine Stimmaufzeichnung. Damit setzen sie sich von den Forschern ab, die sich ausschließlich aufs Austricksen der Sensoren an sich konzentrierten, dabei aber Funktionen wie Apples „Aufmerksamkeitsprüfung für Face ID“ außen vor ließen. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID
|
Scooped by
Gust MEES
December 16, 2017 7:24 AM
|
|
Scooped by
Gust MEES
November 28, 2017 2:23 PM
|
Breaking into a locked iPhone X shouldn't ever be described as simple, but according to a group of security researchers, that's exactly where we find ourselves.
The same Vietnamese team that managed to trick Face ID with an elaborately constructed mask now says it has found a way to create a replicated face capable of unlocking Apple's latest and greatest biometric using a series of surreptitiously snagged photographs.
SEE ALSO: No one agrees on whether or not a dead body will unlock a smartphone
Apple has copped to the fact that Face ID, for all its technical prowess, isn't perfect. It can be tricked by twins. For most people, however, that security threat is a nonexistent one. But what about masks? The Cupertino-based company assured customers that it had designed the biometric-powered safeguard with that attack in mind — yet the researchers at Bkav are here to rain on that particular parade.
"These materials and tools are casual for anyone." They built a relatively inexpensive mask which, according to a blog post and video demonstration, was able to fool Face ID into unlocking. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID
|
Scooped by
Gust MEES
November 2, 2017 5:15 PM
|
Apple plans to share facial mapping data captured by the iPhone X’s series of front-facing cameras and sensors, according to a report by Reuters. The revelation, contained in a developer agreement detailing the use of Apple’s new facial recognition software, would appear to undermine statements Apple made during the iPhone X reveal back in September. The company’s executives at the time made an effort to placate privacy concerns with talk of strict on-device storage and end-to-end encryption.
However, there’s quite a bit of unpacking to do here regarding what developers actually have access to and under what terms. According to the developer agreement, third-party app makers only have access to the visual facial mapping data, and not the same mathematical representation of it that is used to unlock the iPhone X using Face ID. Apple claims the latter is encrypted on the device itself, so not even its own employees have access to it. Yet developers do still have access to a map of a user’s face as part of the True Depth camera, along with data on as many as 50 facial expressions that could tell a developer how exactly you raise your eyebrows or move your mouth, to name a few telling instances. This is how Snapchat’s iPhone X-specific filters, demoed onstage during the phone’s reveal, appear more sophisticated than standard ones. Despite the apparent protections, organizations like the American Civil Liberties Union are concerned that an era of widespread facial recognition technology, no matter the intentions or safeguards of its creator, could yield unexpected results. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first - and sometimes that’s the hard part,” Jay Stanley, an ACLU senior policy analyst, told Reuters. “It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.” Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security
|
Scooped by
Gust MEES
September 27, 2017 4:03 PM
|
Apple has given the iPhone X an emergency feature that users can trigger if they're forced by a thief or police to look at the device and unlock it.
Apple says Face ID is even better than Touch ID at thwarting biometric spoofing thanks to the hardware setup.
But just as someone else can force you to put a finger on the home button, they can also force you to look at the phone. So developer Keith Krimbel asked an Apple's senior vice president of software engineer, Craig Federighi, what happens if a thief steals your phone and then points it at your face before taking off?
He posted Federighi's response on Twitter. The iPhone X has you covered with two key mitigations, according to Federighi.
First, it won't unlock unless you stare at the iPhone. Also, if you still have possession of the phone and are asked to give it up, you can grip the buttons on both sides of the phone before you hand it over, which will temporarily disable Face ID.
iOS 11 also introduces a shortcut to disable Touch ID in emergency situations, but it requires five presses on the sleep button. Is Face ID more secure than a passcode? It depends who you ask. If it's a jealous partner who wants to rummage through your text messages, then it's fairly secure. But if it's a government wanting to know who you communicate with, then you're likely tough out of luck. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Privacy
|
|
Scooped by
Gust MEES
August 8, 2019 11:02 AM
|
Researchers were able to bypass Apple’s FaceID using a pair of glasses with tape on the lenses.
LAS VEGAS – Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications – including Apple’s FaceID. But there is a catch. Doing so requires the victim to be out cold.
Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair glasses and placing them on the victim’s face the researchers demonstrated how they could bypass Apple’s FaceID in a specific scenario. The attack itself is difficult, given the bad actor would need to figure out how to put the glasses on an unconscious victim without waking them up.
To launch the attack, researchers with Tencent tapped into a feature behind biometrics called “liveness” detection, which is part of the biometric authentication process that sifts through “real” versus “fake” features on people. It works by detecting background noise, response distortion or focus blur. One such biometrics tool that utilizes liveness detection is FaceID, which is designed and utilized by Apple for the iPhone and iPad Pro. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID
|
Scooped by
Gust MEES
November 28, 2017 3:41 PM
|
VIETNAMESISCHE SICHERHEITSFORSCHER: Neue Maske soll iPhone X sofort entsperren
Die Maske, mit denen Forscher des vietnamesischen Anbieters Bkav ein iPhone X überlistet haben, ist überarbeitet worden. Die neue Version soll die Entsperrung über Face ID ermöglichen, ohne dass das iPhone X angelernt werden muss.
Mitarbeiter des vietnamesischen Sicherheitsanbieters Bkav wollen mit einer neuen Maskenversion Apples Face ID leichter als bisher überlisten können und warnen davor, die Gesichtserkennung im geschäftlichen Bereich zu nutzen - weil diese so unsicher sei.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID
|
Scooped by
Gust MEES
November 3, 2017 12:44 PM
|
MIMIKERKENNUNG: Apples Face-ID gefällt nicht nur grinsenden Einhörnern Amerikanische Bürgerrechtler sind besorgt darüber, dass App-Entwickler die Mimikerkennung des iPhone X auch für unlautere Zwecke verwenden könnten. Apple untersagt dies zwar, macht aber nur Stichproben.
Die Gesichtsdaten, die zum Freischalten des neuen iPhone X verwendet werden, sollen sicher auf dem Smartphone gespeichert werden.
Wie Reuters berichtet, dürfen Entwickler die durch Face ID gewonnenen Gesichtsdaten auch außerhalb des iPhones speichern. Bürgerrechtler befürchten, App-Entwickler könnten die Daten nutzen, um Reaktionen beispielsweise auf Werbeanzeigen in Apps zu messen. Entwickler können theoretisch überwachen und speichern, wie oft Benutzer blinzeln, lächeln oder ihre Augenbrauen heben. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID
|
Scooped by
Gust MEES
September 27, 2017 4:12 PM
|
“People were handling the device for the stage demo ahead of time and didn’t realize Face ID was trying to authenticate their face," the rep told Yahoo. "After failing a number of times, because they weren’t Craig [Federighi], the iPhone did what it was designed to do, which was to require his passcode."
Theres's a few things to unpack in that statement. The spokesperson is copping to the fact that the iPhone X frequently scans faces in search of a match. This semi "always on" nature of Face ID is a huge red flag for privacy experts. What's more, if even Apple employees can't figure out how to handle the phone without locking out their boss on the company's biggest day of the year then clearly there's a usability issue.
This, combined with the security and privacy one must forfeit in order to use the technology, is more than enough to turn me off to the supposed revolution that Face ID represents. A password, at its core, is supposed to protect your data from a wide range of threats while still being practical. The latest offering from Apple just doesn't cut it. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Privacy
|
Scooped by
Gust MEES
September 27, 2017 3:52 PM
|
Could you prevent someone stealing your iPhone X? According to Apple's software engineering chief Craig Federighi, there are two mitigation options: don't stare at the phone (Face ID is 'attention aware' so only unlocks after eye contact) or grip to press buttons on both sides of the device to temporarily deactivate face recognition.
Both require an optimistic -- even unrealistic -- response to being confronted by a criminal or cop, a scary situation where your adrenaline is pumping and you might not have the presence of mind to remember to disable Face ID. And is it worth risking your life if a mugger with a knife or gun orders you to unlock your phone?
As Schiller correctly stated, "There's no perfect system, not even biometric ones." That still doesn't answer the question of whether biometrics are more secure though. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Privacy
|
Forscher haben zwei verschiedene Wege entwickelt, um die von Sensoren für Stimme, Fingerabdruck oder Gesicht verwendete Lebenderkennung des iPhone aushebeln. Eine der Methoden ist technisch aufwändig – die andere erschreckend simpel und für jedermann machbar.
HC Ma von Tencent Security demonstrierte während der Black Hat 2019 die Forschungsergebnisse seiner Kollegen, die mangels Visum nicht selbst vortragen konnten. Die Hacker nahmen sich die Verfahren vor, mit denen Sensoren zur Erkennung von Gesicht, Stimme, Fingerabdruck, Iris oder Handballen feststellen, ob ein lebender Mensch mit ihnen interagiert – oder nur ein Foto beziehungsweise eine Stimmaufzeichnung. Damit setzen sie sich von den Forschern ab, die sich ausschließlich aufs Austricksen der Sensoren an sich konzentrierten, dabei aber Funktionen wie Apples „Aufmerksamkeitsprüfung für Face ID“ außen vor ließen.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID