Should a F500 CFO Rely on Smartphone Security? Hell NO!

by Tim Sloane 0

Standard smartphones are sufficient to protect me, but I don’t have much of a nest egg. However, those that authorizes million dollar transactions every day, really needs to step it up a notch! This article in Yahoo! Finance announced that the new iPhone facial recognition has been hacked:

“When Apple introduced Face ID security alongside the iPhone X, it boasted that even Hollywood-quality masks couldn’t fool the system. It might not be a question of movie-like authenticity, however — security researchers at Bkav claim to have thwarted Face ID by using a specially-built mask. Rather than strive for absolute realism, the team built its mask with the aim of tricking the depth-mapping technology. The creation uses hand-crafted “skin” made specifically to exploit Face ID, while 3D printing produced the face model. Other parts, such as the eyes, are 2D images. The proof of concept appears to work, as you can see in the clip below. The question is: do iPhone X owners actually have to worry about it?

The researchers maintain that they didn’t have to ‘cheat’ to make this work. The iPhone X was trained from a real person’s face, and it only required roughly $150 in supplies (not including the off-the-shelf 3D printer). The demo shows Face ID working in one try, too, although it’s not clear how many false starts Bkav had before producing a mask that worked smoothly. The company says it started working on the mask on November 5th, so the completed project took about 5 days.”

However the key phrase in this article comes in the next paragraph:

“Apple declined to comment when asked about the claim. However, Bkav is quick to acknowledge that the effort involved makes it difficult to compromise ’normal users.’ ”

There are special smartphones available for those that represent targets to criminals or government agencies, including the Blackphone or the Blackberry PRIV. There are also upgrades that can be made to some traditional smartphones that might prove sufficient, depending on your vulnerabilities. But anyone that can authorize large dollar transactions really needs more than special devices, they need special protection since kidnapping remains a real possibility.

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here