Black Hat Asia Face ID Spoof Talk Cancelled

A security expert who claimed to have developed a hacking method for Apple’s Face ID system has cancelled a scheduled talk at the Black Hat Asia conference, an unusual move where such events are concerned.

The researcher, Wish Wu, said he cancelled his talk at the behest of his employer, Ant Financial, which said in a statement that his research “is incomplete and would be misleading if presented.” For his part, Wu seemed to agree, acknowledging on Twitter that he could only hack Apple’s 3D facial recognition system on iPhone X devices and under certain conditions, and not on newer face-scanning devices from Apple such as the iPhone XS and XS Max.

An abstract of Wu’s talk that had been posted on the Black Hat Asia website had claimed his spoofing method involved a black-and-white printout and tape, suggesting it’s far less elaborate than the one employed by Bkav, a Vietnam-based group of researchers which claimed to have spoofed Face ID in late 2017. That effort involved the construction of an elaborate mask, and has not been replicated.

It is perhaps worth noting that Ant Financial, Wu’s employer, supports Face ID authentication on its Alipay mobile payments platform, suggesting it had a market incentive to pull his talk from the Black Hat conference. But given the relative lack of successful Face ID spoofs since its launch, Wu’s claim had prompted some skepticism, including from one of the world’s leading biometrics experts, Michigan State University’s Anil Jain, according to a VentureBeat report.

Sources: VentureBeat, AppleInsider

(Originally posted on Mobile ID World)