So much for the security of Apple Iphone X face ID

originally posted by: jedi_hamster
doesn't it feature IR-based depth sensor? in such case, it can detect the distance (so it can calculate the actual size of the face, based on the distance), and it should be able to do it in the darkness. the face scan is 3d, otherwise a simple photo would work.

Facial sizes change over time with people who are growing. I don't know how the Apple system is working specifically, but usually facial ID (and fingerprint for that matter) creates a series of vectors along an object using eigenvectors. Beyond that it's a bit of a mystery to me since I only know the very basics of computer vision. To answer your question though, it checks depth, but it's depth between different points on the face, not distance from the camera. So depth is all relative to a specific point (probably the point closest to the camera). That's why a photograph won't work.

originally posted by: norhoc
a reply to: Azureblue

Where do you get , from my post, that I seem to want more government control over my life? You could not be further from the truth. Perhaps take a reading comprehension course and quit making assumptions

You implied the phone maker should have done a much better job of recognizing the persons face looking at the phone camera. Why the hell would you want that?

I wish I could find an Iphone 1 thats in working order and learn how to fix it and keep it working indefinately.

I have a realtively new phone and I made the mistake of the doing an 'update' 1gb worth. Now I get a nag screen saying i need to do 'x' to start uploading data to the cloud?

WTF would i want to upload my phone data to the cloud so all the wrorlds security agencies can burgle it and take a copy of everyhing.

Computer updates, phone updates, tablet updates and christ knows what other updates ... people must be mad if they think the 'security updates' are about their security.

a reply to: Azureblue

If you don't want to use a smartphone, why use one? You do know you can still buy fliphones right?

$50 for this
www.verizonwireless.com...

Can buy a plan for it that includes unlimited talk and text with some data (you won't use much with this) for $15 a month.

originally posted by: Aazadan
a reply to: Azureblue

If you don't want to use a smartphone, why use one? You do know you can still buy fliphones right?

$50 for this
www.verizonwireless.com...

Can buy a plan for it that includes unlimited talk and text with some data (you won't use much with this) for $15 a month.

I was given the phone I have, and I was only saying to someone the other day that when this on claps out I might go back to a non smart phone.

a reply to: Aazadan

Really?

ccc broke fingerprint ID over a decade ago and demonstrated it on apple-id in 2013 or 2014.
-> you can copy fingerprints from photos. ccc got a fingerprintcopy of a german politican from a waterglas using tape and glue.

face biometrics at least how it´s done currently worldwide on the data creating part is a joke. Most photographers you go to that take biometric "ready" passport photos do so by using photoshop and the like and a layered mask using transformations on your face. And that´s state/governmental "security level", it´s a joke.

This may change with very high resolving optic cameras or even using some other spectrums and methods like counting liver spots and such or performing a certain facial expression. This will be admited someday in the future and that´s when chips will get promited. Mark my words.

originally posted by: verschickter
ccc broke fingerprint ID over a decade ago and demonstrated it on apple-id in 2013 or 2014.
-> you can copy fingerprints from photos. ccc got a fingerprintcopy of a german politican from a waterglas using tape and glue.

Just because it's been broken doesn't mean it's not more secure. A 2 bit vs 4 bit password is much less secure even though both are trivial to break.

a reply to: Aazadan

Not sure what you mean with 2bit password (it would give you 4 posibilities). About the not more secure part, I beg to differ. Biometrics can be taken from you, the password you store in your own memory not. It can only be guessed*. It´s not something you can copy or tamper with.

biometrics however, allow this additional vector of attack.

*or watched while typed in, you get the drift.

originally posted by: verschickter
Not sure what you mean with 2bit password (it would give you 4 posibilities).

That's precisely what I meant. A password that has 2 bits in length has 4 possibilities, a password that has 4 bits has 16 possibilities. A 4 bit password is therefore more secure than a 2 bit password. Just because both are trivial to break doesn't mean that one isn't more secure than the other though. Fingerprint ID's are no different. They have been broken, but they're still more secure than a 4 or 6 digit passcode.

What you're really looking at with any of these systems, is the ability for the general public to gain access, and the hassle for an authorized user to gain access. Biometrics are great for that.

None of these systems will keep a government out, or any professionals with a lot of time with the device.

a reply to: Aazadan
You mix up the terms "bit" and "digit". And then you also confuse digits with chars. That´s why I was a bit confused. Pun intended.

What you're really looking at with any of these systems, is the ability for the general public to gain access, and the hassle for an authorized user to gain access. Biometrics are great for that.

Undoubtly but I saw them fail often. In terms of refusing access. So the false alarm rate with biometrics is also higher. There is a reason why my old employee switched back from fingerprints+swipe, to swipe + key. Because the damn things never work, if it has a multitude of users. I "hated" them.

originally posted by: verschickter
You mix up the terms "bit" and "digit". And then you also confuse digits with chars. That´s why I was a bit confused. Pun intended.

I didn't mix up the terms at all. A 2 bit password has the options 00, 01, 10, 11. A 4 digit passkey such as what's used on an iphone has the options 0-9999 which is a 10 bit key.

A passkey has to continually be typed in, it's a huge pain in the ass. The fingerprint reader is much more convenient. It's also a good deal more secure, as one can unlock their own device and hand it to someone else to use for a one time event, but is unable to give away a physical number which could allow access in the future as well.

a reply to: norhoc

originally posted by: Aazadan

originally posted by: verschickter
Not sure what you mean with 2bit password (it would give you 4 posibilities).

That's precisely what I meant. A password that has 2 bits in length has 4 possibilities, a password that has 4 bits has 16 possibilities. A 4 bit password is therefore more secure than a 2 bit password. Just because both are trivial to break doesn't mean that one isn't more secure than the other though. Fingerprint ID's are no different. They have been broken, but they're still more secure than a 4 or 6 digit passcode.

What you're really looking at with any of these systems, is the ability for the general public to gain access, and the hassle for an authorized user to gain access. Biometrics are great for that.

None of these systems will keep a government out, or any professionals with a lot of time with the device.

Finger print ID's are not more secure at all unless you wear gloves when you touch anything. Drinking a soda at the mall? Throw it in the garbage, bam -- got your password.

It's tremendously easier to get a hold of someones fingerprint than it is a string of random characters. Biometrics are not more secure, this is a bridge they sell to get your metrics.

originally posted by: Aazadan

originally posted by: verschickter
You mix up the terms "bit" and "digit". And then you also confuse digits with chars. That´s why I was a bit confused. Pun intended.

I didn't mix up the terms at all. A 2 bit password has the options 00, 01, 10, 11. A 4 digit passkey such as what's used on an iphone has the options 0-9999 which is a 10 bit key.

A passkey has to continually be typed in, it's a huge pain in the ass. The fingerprint reader is much more convenient. It's also a good deal more secure, as one can unlock their own device and hand it to someone else to use for a one time event, but is unable to give away a physical number which could allow access in the future as well.

What? Literally anything you touch is a copy of the passcode that will allow me future access. Better be wearing gloves and never put a finger to anything, otherwise you're just leaving your password everywhere you go.

All you gotta do is lift it with tape. It's stupid simple, and we've been lifting prints for hundreds of years. For passwords? You have to brute force it [which means trying every possibility] or just our right guessing it, brute force is basically impossible with modern encryption, while possible, it's impractical at the 512bit+ range.

You will never beat an enigma machine in principle. Passwords and bit encryption will always remain the safest and most secure. They are more secure than physical dongles and keys.

Biometrics like voice printing can be faked really easy with pitch correction or even out right impersonation. Hand prints or eye scans don't keep someone out who has captured you, they will cut your hand off or your eye out. Bit encryption can keep them brute forcing for YEARS and may never actually get in.

a reply to: SRPrime

That's all well and good, but the use case we're talking about here is a phone. A random coworker or person at a party who wants to snoop through your stuff isn't going to be able to lift a print and get access to your device. A security agency? Sure. But that's not what they're being engineered to secure against.

heard hackers could with 150dollar create a mask to immitate and unlock the phone.

#
does this # sellingt or not? in the moment ?

originally posted by: sedna9
heard hackers could with 150dollar create a mask to immitate and unlock the phone.

#
does this # sellingt or not? in the moment ?

That is doable. Now find a hacker whose going to steal your phone, get a 3d scan of your face, use that scan to get a mask shipped to them, and then get into your phone before you can report it stolen.

If you're carrying government secrets on your phone that might be a concern. If you're an every day person? It's not an issue.

a reply to: Aazadan

Have you ever been using facial or fingerprint ID on a regular basis that is not your smartphone or notebook? With that, I mean hundreds of readers in a work environment, at work, where things have to function because time is money.

That´s what sorts out industrial, commercial and home-gamer hardware and even the industrial systems are a pain in the ass. Those things have to be serviced, every terminal, unlike a cardreader+pin that needs zero maintenance.

Hell just like SRPrime wrote, you leave copies of your fingerprints everywhere, even on the scanner itself if you do not use it the right way. I can´t take a photo of your password stored in memory but I can get fingerprints or pictures of your fingertips very easy and it´s not a big deal to make infinite copies. Even with latex gloves you can leave fingerprints if the conditions are right.

CCC did it over ten years ago with tape and glue from a high ranking governmenal politican. They just collected his water glass after a speech.

hatte schon mit aliens zu tun. ich hasse smartphones

a reply to: verschickter

What you just described aren't the systems you would want it on.

originally posted by: Aazadan

originally posted by: sedna9
heard hackers could with 150dollar create a mask to immitate and unlock the phone.

#
does this # sellingt or not? in the moment ?

That is doable. Now find a hacker whose going to steal your phone, get a 3d scan of your face, use that scan to get a mask shipped to them, and then get into your phone before you can report it stolen.

If you're carrying government secrets on your phone that might be a concern. If you're an every day person? It's not an issue.

had never a iphone or smartphone... i stoped using telephpne conversation after leaving school... its already unlocked by the world outside there . imean the price is rediciolous. its not something