Face ID Defeated With 3D Printed Mask (Maybe)

Information about this one is still tricking in, so take it with a grain of salt, but security company [Bkav] is claiming they have defeated the Face ID system featured in Apple’s iPhone X. By combining 2D images and 3D scans of the owner’s face, [Bkav] has come up with a rather nightmarish creation that apparently fools the iPhone into believing it’s the actual owner. Few details have been released so far, but a YouTube video recently uploaded by the company does look fairly convincing.

For those who may not be keeping up with this sort of thing, Face ID is advertised as an improvement over previous face-matching identification systems (like the one baked into Android) by using two cameras and a projected IR pattern to perform a fast 3D scan of the face looking at the screen. Incidentally, this is very similar to how Microsoft’s Kinect works. While a 2D system can be fooled by a high quality photograph, a 3D based system would reject it as the face would have no depth.

[Bkav] is certainly not the first group to try and con Apple’s latest fondle-slab into letting them in. Wired went through a Herculean amount of effort in their attempt earlier in the month, only to get no farther than if they had just put a printed out picture of the victim in front of the camera. Details on how [Bkav] managed to succeed are fairly light, essentially boiling down to their claim that they are simply more knowledgeable about the finer points of face recognition than their competitors. Until more details are released, skepticism is probably warranted.

Still, even if their method is shown to be real and effective in the wild, it does have the rather large downside of requiring a 3D scan of the victim’s face. We’re not sure how an attacker is going to get a clean scan of someone without their consent or knowledge, but with the amount of information being collected and stored about the average consumer anymore, it’s perhaps not outside the realm of possibility in the coming years.

Since the dystopian future of face-stealing technology seems to be upon us, you might as well bone up on the subject so you don’t get left behind.

Thanks to [Bubsey Ubsey] for the tip.

Continue reading “Face ID Defeated With 3D Printed Mask (Maybe)”

Bringing Back the iPhone7 Headphone Jack

Plenty of people bemoaned Apple’s choice to drop the 1/8″ headphone jack from the iPhone 7. [Scotty Allen] wasn’t happy about it either, but he decided to do something about it: he designed a custom flex circuit and brought the jack back. If you don’t recognize [Scotty], he’s the same guy who built an iPhone 6 from parts obtained in Shenzhen markets. Those same markets were now used to design, and prototype an entirely new circuit.

The iPhone 7 features a barometric vent, which sits exactly where the headphone jack lived in the iPhone 6. The vent helps the barometric pressure sensor obtain an accurate reading while keeping the phone water proof. [Scotty] wasn’t worried about waterproofing, as he was cutting a hole through the case. The vent was out, replaced with a carefully modified headphone jack.

The next step was convincing the phone to play analog signals. For this, [Scotty] used parts from Apple’s own headphone adapter. The hard part was making all of this work and keeping the lightning port available. The key was a digital switch chip. Here’s how the circuit works:

When no headphone is plugged in, data is routed from the iPhone’s main board to the lightning port. When headphones are plugged in, the data lines are switched to the headphone adapter. Unfortunately, this means the phone can’t play music and charge at the same time — that is something for version 2.0.

The real journey in this video is watching [Scotty] work to fit all these parts inside an iPhone case. The design moved from a breadboard through several iterations of prototype printed circuit boards. The final product is built using a flexible PCB – the amber-colored Kapton and copper sandwiches that can be found in every mobile device these days.

Making everything fit wasn’t easy. Two iPhone screens perished in the process. But ultimately, [Scotty] was successful. He’s open sourced his design so the world can build and improve on it.

Want to read more about the iPhone 7 and headphone jacks? Check out this point and counterpoint.  we published on the topic.

Continue reading “Bringing Back the iPhone7 Headphone Jack”

Apple’s Secure Enclave Processor (SEP) Firmware Decrypted

The decryption key for Apple’s Secure Enclave Processor (SEP) firmware Posted Online by self-described “ARM64 pornstar” [xerub]. SEP is the security co-processor introduced with the iPhone 5s which is when touch ID was introduced. It’s a black box that we’re not supposed to know anything about but [xerub] has now pulled back the curtain on that.

The secure enclave handles the processing of fingerprint data from the touch ID sensor and determines if it is a match or not while it also enables access for purchases for the user. The SEP is a gatekeeper which prevents the main processor from accessing sensitive data. The processor sends data which can only be read by the SEP which is authenticated by a session key generated from the devices shared key. It also runs on its own OS [SEPOS] which has a kernel, services drivers and apps. The SEP performs secure services for the rest of the SOC and much more which you can learn about from the Demystifying the Secure Enclave Processor talk at Blackhat

[xerub] published the decryption keys here. To decrypt the firmware you can use img4lib and xerub’s SEP firmware split tool to process. These tools make it a piece of cake for security researchers to comb through the firmware looking for vulnerabilities.

Charge Your Phone on an Iron Throne

Game of Thrones season 7 is finally here! [Hoecrux] is celebrating by building a GoT inspired cell phone charger. No, this isn’t a 3D print, nor is it vacuum molded. This iron throne was hand made from hundreds of cocktail swords. The frame of the chair is made from medium density fiberboard (MDF). The frame is covered with upholstery foam, then a layer of thin gray foam which forms the surface of the chair.

[Hoecrux] then began the painstaking process of hot gluing 600 cocktail swords to her creation. Each sword had to be modified by cutting off the loop guard. Some of the swords are bent, which was achieved with a heat gun. The completed chair was finished with a coat of black spray paint, followed by dry brushing with acrylic silver paint.

This particular iron throne charger is built for an android phone. [Hoecrux] embedded a micro USB cable in the base of the seat. If you’re of the iOS persuasion, you can substitute a lightning cable.

Check out the video after the link, and while you’re at it, get a look at this beach ready solar charger setup.

Continue reading “Charge Your Phone on an Iron Throne”

Hacking iBeacons For Automating Routines

Every self-respecting hacker has an automation hack somewhere in his/her bag of tricks. There are a lot of modern-day technologies that facilitate the functionality like GPS, scripting apps, and even IFTTT. In an interesting hack, [Nick Lee] has combined iBeacons and a reverse engineered Starbucks API to create an automated morning routine.

By creating a mobile app that scans for iBeacons, [Nick Lee] was able to reduce the effort made every morning while heading to his office. When the app encounters a relevant beacon, a NodeJS app sitting in the cloud is triggered. This consequently leads to desired actions like ordering an Uber ride and placing an order for an iced latte.

[Nick Lee] shares the code for the Starbucks application on GitHub for anyone who wants to order their favorite cup of joe automatically. This project can be easily expanded to work with GPS or even RFID tags and if you feel like adding IoT to a coffee machine, you could automate all of your beverage requirements in one go.

Siri Controls Your PC Through Python and Gmail

Voice-based assistants are becoming more common on devices these days. Siri is known for being particularly good at responding to natural language and snarky responses. In comparison, Google’s Assistant is only capable of the most obvious commands, and this writer isn’t even sure Microsoft’s Cortana can understand English at all. So it makes sense then, if you want voice control for your PC, to choose Siri as your weapon of choice. [Sanjeet] is here to help, enabling Siri to control a PC through Python.

The first step is hooking up the iPhone’s Notes app to a Gmail account. [Sanjeet] suggests using a separate account for security reasons, as you’ll need to place the username and password in a Python script. The Python script checks the Gmail account every second, looking for new Notes from the iPhone. Then, it’s as simple as telling Siri to make a Note (for example, “Siri, Note shutdown”) and the Python script can then pick up the command, and act accordingly.

It’s a quick and easy way to get Siri to do your bidding. There’s other fancy ways to do it, too — like capturing Siri’s WiFi data on your home network.

VR Mech’s Missing Link: The Phone in Your Pocket

In the process of making a homemade Mech Combat game that features robot-like piloted tanks capable of turning the cockpit independent of the direction of movement, [Florian] realized that while the concept was intuitive to humans, implementing it in a VR game had challenges. In short, when the body perceives movement but doesn’t feel the expected acceleration and momentum, motion sickness can result. A cockpit view that changes independently of forward motion exacerbates the issue.

To address this, [Florian] wanted to use a swivel chair to represent turning the Mech’s “hips”. This would control direction of travel and help provide important physical feedback. He was considering a hardware encoder for the chair when he realized he already had one in his pocket: his iPhone.

By making an HTML page that accesses the smartphone’s Orientation API, no app install was needed to send the phone’s orientation to his game via a WebSocket in Unity. He physically swivels his chair to steer and is free to look around using the VR headset, separate from the direction of travel. Want to try it for yourself? Get it from [Florian]’s GitHub repository.

A video is embedded below, but if you’re interested in details be sure to also check out [Florian]’s summary of insights and methods for avoiding motion sickness in a VR Mech cockpit.

Continue reading “VR Mech’s Missing Link: The Phone in Your Pocket”