A cyber researcher is pulling out of a public talk where he was supposed to discuss his findings in bypassing Apple's Face ID.
Wish Wu was originally scheduled to present his work "Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms" in March at the Black Hat Asia hacking conference in Singapore. However, he had to cancel the presentation at the request of his employer Ant Financial.
'Misleading' Research
Wu explained to Reuters that the bypass could work only "under certain conditions" on the iPhone X and that it didn't work on the iPhone XS and iPhone XS Max. He also said that he agreed with the decision of canceling his appearance at the conference.
"In order to ensure the credibility and maturity of the research results, we decided to cancel the speech," he told the news outlet via Twitter.
Ant Financial then clarified the reasoning behind the withdrawal decision:
"The research on the face ID verification mechanism is incomplete and would be misleading if presented," the company said.
According to Wu's abstract, a black-and-white image on an ordinary paper and tape could hack Face ID. However, Ant Financial found inconsistencies in his work during the latter part of 2018 and decided to cancel the public talk.
The firm's digital payment system Alipay uses Face ID among other facial recognition technologies.
Face ID Remains Infallible
Hackers cracked Touch ID after only a few days after it launched in September 2013. In comparison, Face ID has yet to be defeated. That's despite the claim of Vietnamese security company Bkav that it has bypassed Face ID with a $150 mask in November 2017, a feat that other researchers have failed to reproduce.
Another report in November 2017 also showed that a 10-year-old boy managed to unlock his mother's iPhone X with Face ID.
Without a doubt, Face ID is more secure than Touch ID, with a probability of one in one million of someone breaching the former and one in 50,000 in the latter, as Apple explains on its support page. Needless to say, breaking Face ID could spell trouble for many users who rely on it to keep their banking details, text messages, emails, and other personal information safe.