Attendees of a major hacking conference in Singapore were supposed to hear about a mysterious, new method of hacking Apple’s Face ID, but the presenter scheduled to talk on the matter has withdrawn from the event after his employer asked him to cancel, according to Reuters.
Apple debuted Face ID in September 2017 with the launch of the iPhone X. The creepy biometric authentication system has proven to be far more difficult to hack than the Touch ID feature that came before it. Apple claims the probability of someone else unlocking an iPhone with FaceID is approximately one in 1 million, compared to the one-in-50,000 chance that someone else’s finger could unlock Touch ID.
Law enforcement investigators have even been advised not to look at Face ID-protected phones because they may risk racking up failed attempts to open, prompting a passcode requirement that could be protected by the Fifth Amendment.
Wish Wu, a cybersecurity researcher based in China, was scheduled to be an expert guest at the Black Hat Asia hacking conference in March 2019. He was slated to give a lecture titled, “Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms.” But Wu says he recently decided not to give the talk at the conference. He told Reuters that his employer, Ant Financial, asked him to withdraw from the event.
Ant Financial told Reuters in a statement that Wu’s “research on the face ID verification mechanism is incomplete and would be misleading if presented.”
Wu told the news outlet he agrees with his employer’s decision, as he says he could not hack into Face ID on iPhone XS and XS Max, and could only reproduce the hack on an iPhoneX in certain conditions. “In order to ensure the credibility and maturity of the research results, we decided to cancel the speech,” he said to Reuters in a Twitter direct message.
Wu did not immediately respond to a Gizmodo request for comment. Apple did not respond to a request for comment.
According to Reuters, Black Hat pulled an abstract of Wu’s talk from its website last month, responding to Ant raising concerns about the research. The paper reportedly stated that Face ID could be unlocked using tape and an image printed on black and white printer.
Black Hat conference spokesperson Kimberly Samra told Reuters that the organisation “accepted the talk after believing the hack could be replicated based on the materials provided by the researcher.”
In addition to unlocking the iPhone X, XS, XS Max and XR, Face ID is used to access sensitive information in health and finance apps. As Reuters points out, Ant Financial’s payment system works with Face ID.