The increased security of Face ID over Touch ID is only marginal if one considers 4x marginal. And then there’s the convenience factor of not touching the screen...

Yes 4x is absolutely marginal in this context. You think there's a practical difference between being willing to try something once and being willing to try it 4 times?

Even adding a single digit to a PIN gives you a 10x increase, so you think 4x deserves a notch and ~$100 increase in phone price?

Plus even 4x assumes a completely random person trying to access your phone. Just having someone be the same gender, age, and skin colour already crashes that statistic.
 
I can't wait to see the articles like this if they bring Touch ID back like some people are hoping for. 'Unconscious victim has finger placed on phone and phone unlocks' Then, people will be saying they want Face ID back.

Why don't they just have some dude point a gun at you and tell you to give them the password? That might be a little easier than disappearing with someone for hours and making them unconscious.

Hell, in some places thieves are even telling the victims to give them the iCloud password when stealing their phones (at gunpoint of course).
 
I am writing all of this in the frame of hacking biometric security on phones...

First, in the world of physical security, it's commonly known that locks are best at keeping honest people honest. If you have something desirable to unscrupulous people, you need better levels of security. In contrast, increased security often means decreased convenience.

Second, the best thing to steal would be something that has value and is undervalued and/or under-protected by the owner. I think that the personal data absorbed by our technology qualifies as undervalued to most users. And just look at how many people are sloppy in protecting their phones from theft.

Third, let's consider the thief. If I want to get the biggest bang for my buck, I need a decent risk/reward ratio. How much profit can I make from a single iPhone hack? How many hacks do I have to do before I score? The harder Apple makes it to hack an iPhone, the less I'm inclined to bother. Or is the phone worth more than the data that's on it?

Fourth, let's consider software for a second. If this were a networking software bug that could, under a very specific situation, allow someone to access your computer, you would probably want Apple to fix it, because eventually (if they haven't already) someone is going to figure out the upper and lower bounds of the bug and find a way to exploit it.

Finally, look at the entire iPhone security ecosystem. You have to be intentional about securing your phone! You have to turn security on! Set up a pass code, set a fingerprint, set a FaceID. If you go through all that effort, it's kind of sad if it can be bypassed with some tape and glasses (yes, I'm exaggerating). Kind of like the $400 security lock that can be opened with a magnet in about 2 seconds (no, I'm not exaggerating this time!). So it seems like a no-brainer that white hat hackers should try to break this stuff and Apple should continue to improve it.

So in the end, yes, this is kind of a big deal. As we rely more and more on our phones to hold our data, as our phones become more of a target to theft because of that data, and as we become more reliant on biometrics to secure that data, increasing the security of biometrics is critical.
 
Blast, all those unconscious and sleeping people with no fingers better watch out.
 
Yes 4x is absolutely marginal in this context. You think there's a practical difference between being willing to try something once and being willing to try it 4 times?

Even adding a single digit to a PIN gives you a 10x increase, so you think 4x deserves a notch and ~$100 increase in phone price?

Plus even 4x assumes a completely random person trying to access your phone. Just having someone be the same gender, age, and skin colour already crashes that statistic.
It’s marginal to you, not marginal to me. One in 50,000 is not marginally worse than one in 200,000 or one in one million.

Just admit you don’t know the actual statistic about same gender, etc because outside of YouTube there are little verified cases. So in essence the random statistic still stands. Even with the latest revelation the execution aspect is very difficult making this exploit impractical. I’m still waiting for a real world Face ID breach.

Face ID (with notch)> Touch ID> passcodes.
 
Face ID is more secure. Apple even said so when the iPhone X was released.

OK. How is this any less secure than TouchID?
That's why I always put on a tiger head mask before sleep.

Haha, but seriously, who even sleeps on their backs with their face upwards? My face is partly covered by the pillow when I sleep.
 
But Face ID is more secure than touch. Firstly touch doesn’t require a sleeping human for starters

FaceID also does not require a sleeping human to unlock, I can simply point a weapon at you and force you to unlock the device either by FaceID or entering your pin. After that is done, disfigure your face and FaceID will not matter. Heck I don't even need a weapon I can just use physical violence. :p

Not that I am going to do that, I am just making a point. ;)
Never seen anyone claiming that. Plenty of people are desperately trying to claim that FaceID's marginally increased security (and massively increased cost) has some practical benefit though.

What increases security is a passcode and that has been available before biometrics and is used as a backup when TouchID and FaceID fail. :p
 
FaceID also does not require a sleeping human to unlock, I can simply point a weapon at you and force you to unlock the device either by FaceID or entering your pin. After that is done, disfigure your face and FaceID will not matter. Heck I don't even need a weapon I can just use physical violence. :p

Not that I am going to do that, I am just making a point. ;)

What increases security is a passcode and that has been available before biometrics and is used as a backup when TouchID and FaceID fail. :p

What if people refuse, I mean who would kill someone over a phone and its data? People tend to think the other way around: who would die for a phone and its data? Even after an attacker has unlocked your phone, the moment they leave you can log into iCloud on any computer and erase it.
 

What if people refuse, I mean who would kill someone over a phone and its data? People tend to think the other way around: who would die for a phone and its data? Even after an attacker has unlocked your phone, the moment they leave you can log into iCloud on any computer and erase it.

I am pretty sure if I twist your limb and you are in pain you will give up anything I ask for. If someone is really after your data they will have a computer present to make a quick backup, at that point erasing your iCloud backup is pointless and that is considering if you still have functioning fingers. ;):p
 
Sunglasses? You need to step up your game and get the always awake glasses. ;)

Simpsons_05_20_P4_640x360_319846979530.jpg
I was just about posting exactly the same Image... ! :)
 
I am pretty sure if I twist your limb and you are in pain you will give up anything I ask for. If someone is really after your data they will have a computer present to make a quick backup, at that point erasing your iCloud backup is pointless and that is considering if you still have functioning fingers. ;):p
Most of these hypothetical violent situations have little to do with the real world security of Face ID, which is good enough to keep out unwanted intruders.
 
Most of these hypothetical violent situations have little to do with the real world security of Face ID, which is good enough to keep out unwanted intruders.

Hypothetical or not, I was making a point that even a passcode or password can be defeated with ease. Real world security, what utopia are you living in, most people willingly provide their information via social media platforms, think your banking information is safe, how about your credit and personal information, think again all have been hacked some with ease others with little effort. Unwanted intruders, think again you are just not the prime target yet, you may have been an unintentional one through a data breach.

FaceID even TouchID will do nothing if I am able to obtain your passcode or go through other hacking methods. Individual vigilance is key, these are just processes to give people a false sense of security. ;):p

Has Mission Impossible taught you nothing. :D
 
Tencent? Hmm.
What are those Chinese doing? Providing bypass to police?
Hypothetical or not, I was making a point that even a passcode or password can be defeated with ease. Real world security, what utopia are you living in, most people willingly provide their information via social media platforms, think your banking information is safe, how about your credit and personal information, think again all have been hacked some with ease others with little effort. Unwanted intruders, think again you are just not the prime target yet, you may have been an unintentional one through a data breach.

FaceID even TouchID will do nothing if I am able to obtain your passcode or go through other hacking methods. Individual vigilance is key, these are just processes to give people a false sense of security. ;):p

Has Mission Impossible taught you nothing. :D
Maybe, cause who learns stuff from movies anyway? Way too difficult to do.

And yes. Be vigilant, careful about what you have sent through.
 
You also have to know which of their 10 fingers to use. You only have one face.
And hands may be covered under quilt or something else, you need to drag both hands to expose fingers without waking them up. Seems that using this on a dead man/woman makes better sense.
 
Tencent? Hmm.

Tencent is an interesting company, their app is like an OS running as an app. :p

What are those Chinese doing? Providing bypass to police?

The question is what are they not doing. ;)

Maybe, cause who learns stuff from movies anyway? Way too difficult to do.

Art imitates life and vice versa. :D

And yes. Be vigilant, careful about what you have sent through.

Some man-in-the-middle attacks and some shady companies such as Fb, there is only so much one can do other than go off-grid. Most people are clueless and just buy into the marketing hype, just because Apple, Google, Amazon, etc says so then those companies are looking out for our best interest and have a reputation to uphold. /s Dreamworld head in the sand thinking. :p
And hands may be covered under quilt or something else, you need to drag both hands to expose fingers without waking them up. Seems that using this on a dead man/woman makes better sense.

FaceID and TouchID have never been a replacement to a passcode or password, it is just a secondary convenience feature. If it was the primary we would not need a fall back passcode to be entered when both do not recognize or fail. People just do not want to face reality. :p
 
Hypothetical or not, I was making a point that even a passcode or password can be defeated with ease. Real world security, what utopia are you living in, most people willingly provide their information via social media platforms, think your banking information is safe, how about your credit and personal information, think again all have been hacked some with ease others with little effort. Unwanted intruders, think again you are just not the prime target yet, you may have been an unintentional one through a data breach.

FaceID even TouchID will do nothing if I am able to obtain your passcode or go through other hacking methods. Individual vigilance is key, these are just processes to give people a false sense of security. ;):p

Has Mission Impossible taught you nothing. :D
So Mission Impossible is now the benchmark? ;)

If you are concerned about protecting your phone from snatch and grab, real world security is good enough. If the benchmark is a violent encounter and that is one's concern, then don't carry the phone or hire body guards. If the benchmark is the government, might as well not carry a phone. So instead of citing some hypothetical situation, what are the statistics of entry into any phone via violence. I'm sure it happens, but...not a likely real world scenario in my opinion.

It's like locks keep only honest people out.:D
It depends on the passcode, so your "fixed it for you" may not be accurate.

So is TouchID
Apple says Face ID is more secure, and this is about Face ID. Both biometrics have been defeated, but require physical access and a hard to execute plan.
 
Always cracks me up at what lengths one has to go to gain access to someone's phone with these news articles...lol.
 
Face ID is more secure. Apple even said so when the iPhone X was released.

I know, I'm saying what's the big deal of this discovery? Touch ID is less secure, yet many Android devices and MacBooks still have them. Face ID is more secure even with this exploit.
 