meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, November 14th 2017

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 14 November 2017

⏱️ 8 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. FaceID Beaten By Mask; Using Heart Movement as Biometric ID; URL Validation Libraries allow SSRF

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Tuesday, November 14th, 2017 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and the day I'm recording from Jacksonville, Florida.

0:13.8

Vietnamese security company BKAV has released a YouTube video showing how researchers at the company were able to bypass

0:24.6

Face ID on Apple's new flagship iPhone 10 by using a mask.

0:30.6

Now if you remember during the introduction of the phone, Apple pointed out the process

0:36.6

it went through to ensure that face ID systems

0:39.3

can be fooled and masks were actually particular pointed out as a way they tested. But like any

0:47.0

biometric security system, a good enough representation of the features tested can be used

0:53.8

to impersonate the users.

0:56.7

The researchers had to go through a reasonable substantial effort to create a mask that worked.

1:04.2

The face of the user had to be scanned via a 3D scanner to create a three-dimensional replica of the face, then they colored parts

1:14.2

of the face that the phone uses in its facial recognition algorithm.

1:19.4

It helped that the phone will recognize even a partially obscured face.

1:24.6

For example, if half the face is covered up or if the user does for sunglasses,

1:31.5

face ID still works. So the mask only needs to imitate a partial face. The researchers stated that their

1:40.4

attack, unlike others, worked because they looked closer into the way the face ID algorithm

1:48.0

is attempting to figuring whether or not a particular face matches.

1:54.9

They state that the cost of the mask was $150, but this likely only includes the cost of printing the mask itself,

2:04.4

not necessarily the time and cost in collecting the data necessarily to create the mask.

2:10.1

They state that theoretically it's possible for an artist to create a mask based on regular photographs of an individual, but that's not

2:21.2

actually what they did. So if face ID doesn't work, what else is there for biometrics?

2:27.7

Researchers at the University of Buffalo had another idea for biometric off occasion. They developed a low-level radar system

2:38.3

that can be used to identify heart movements, which are apparently unique enough to use them

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.