iPhone X Face ID Again Unlocked With Mask, Even With 'Require Attention' Turned On

[Wowereit]

With a budget of zero and a few seconds one could bludgeon someone in their head and chop a finger off and voila Touch ID fail.

Why so brutal?
Just need a fingerprint, some conductible silicone and a battery.

 

[Bacillus]

Because of the obvious vulnerabilities of FaceID, Apple is now working on SoulID. The problems with it can be easily anticipated.

Not so fast - lack of inspiration requires retarded feature roll-out.
Therefore, DickID first.

 

[alexgowers]

I suspect Apple can improve Face ID in the future to prevent this kind of attack. If for example a blink or rapid eye movement is monitored or many other things could be. Next gen models could add Flir like infra red to trigger, so you’d need a warm face.

I think Face ID is perfectly secure but I do like Touch ID and it’s maturity. I suspect eventually the only front facing sensor will be the camera once Touch ID can be put under the screen or in a side or back button. The screen will in the end take the entire front face for sure.

 

[Bacillus]

(I hate to be this way because I am an Apple supporter and don’t want our only choice to be these spyware companies pretending to be tech companies, but Apple needs a serious wake-up call.)
Anyway...here I go...
How did anyone expect Apple’s AI team to nail face recognition security when they can’t even get a simple predictive keyboard to work?
Seriously, this is where Apple needs to spend some of its war chest. Build AI and cloud teams so it can compete. (And how about some innovation in the basic software too. And a decent laptop line. Oy. Come on Apple. The list is growing long, and this is how empires fall.)

Sorry, didn't get that complaint. Shall I look for it on the web ?

 

[Jimrod]

Jesus, I don't care about the iPhone X for many reasons, I don't like many of the decisions Apple are taking - but seriously, the security of FaceID being tricked by elaborate masks is an issue for precisely no-one.

 

[Piggie]

Where there's a will there's a way. Any security feature can be overcome it is only a matter of resources allocated, time and practicality. They say Touch ID is more secure... but even that is not infallible. With a budget of zero and a few seconds one could bludgeon someone in their head and chop a finger off and voila Touch ID fail. Sounds a lot easier than luring someone into a room with hidden array of cameras and then making a near perfect face mask to override face ID.

The problem for Apple's credibility is.
On stage, live to the world. They, the richest company in the world stated that they used Hollywood to create face masks that their new face ID would not work with.

So you have the best of the best with no money/time limits to prove a point to the world.

Then someone with a few $100 and a little knowledge can do better and prove them wrong.

THAT is the problem.
Apple set themselves up for a fall.
If you are going to state something as fact to the world, you better be dam sure you are right to avoid a simple member of the public proving them wrong.

 

[Bacillus]

This is worrisome news - with iPhone X customers embarassingly adapting to their animoji's.

 

[shplock]

Yeah, anyone serious about security would tell you Face ID is a joke. Bring back Forstall

Your statement is a joke

 

[mrklaw]

for a criminal, wouldn't it be easier to deliberately fail FaceID and then just guess the likely 4 digit passcode? Thats way less secure than FaceID

 

[shplock]

The problem for Apple's credibility is.
On stage, live to the world. They, the richest company in the world stated that they used Hollywood to create face masks that their new face ID would not work with.

So you have the best of the best with no money/time limits to prove a point to the world.

Then someone with a few $100 and a little knowledge can do better and prove them wrong.

THAT is the problem.
Apple set themselves up for a fall.
If you are going to state something as fact to the world, you better be dam sure you are right to avoid a simple member of the public proving them wrong.

But nothing has been proven. PERIOD. We do not know the context. Ie did they spend long enough training Face ID to recognise the original face or did they set the phone up with the mask as the original face etc. They have simply left too many questions unanswered
[doublepost=1511864034][/doublepost]

for a criminal, wouldn't it be easier to deliberately fail FaceID and then just guess the likely 4 digit passcode? Thats way less secure than FaceID

The passcode is 6 digits which is way WAY harder to guess. Especially if the wipe iPhone after 10 failed attempts is turned on.

 

[Jsameds]

The problem for Apple's credibility is.
On stage, live to the world. They, the richest company in the world stated that they used Hollywood to create face masks that their new face ID would not work with.

So you have the best of the best with no money/time limits to prove a point to the world.

Then someone with a few $100 and a little knowledge can do better and prove them wrong.

THAT is the problem.
Apple set themselves up for a fall.
If you are going to state something as fact to the world, you better be dam sure you are right to avoid a simple member of the public proving them wrong.

As someone has already said, there is not context to this. How many attempts did it take? How many masks did they have to make? Was FaceID reset before each test? How long was the real face trained before before being opened by the mask? Did they enter the passcode after each failed mask attempt?

It's all meaningless without knowing these details. All this proves once again is that someone can break into a phone that they already have the access to anyway.

When they can prove they can get this right in a real world scenario in under five attempts (else FaceID will lock out) using an independent phone that has been trained to the users face over time, then we can start to worry.

Until then though, this is all meaningless.

 

[shaunp]

No worries, at least 3D emoji's are working fine...

 

[idrewuk]

Whoever this is has way too much time on his hands. Complete waste of energy and resource! Zzzzz.

 

[mazz0]

What's an infra-red photo (like they used for the eyes). Does it require an infrared camera and special printer?

 

[Thai]

The problem for Apple's credibility is.
On stage, live to the world. They, the richest company in the world stated that they used Hollywood to create face masks that their new face ID would not work with.

So you have the best of the best with no money/time limits to prove a point to the world.

Then someone with a few $100 and a little knowledge can do better and prove them wrong.

THAT is the problem.
Apple set themselves up for a fall.
If you are going to state something as fact to the world, you better be dam sure you are right to avoid a simple member of the public proving them wrong.

And what did Apple touted regarding TouchID in 2013? Must be a live finger, remember? And that was broken in 2-3 days by hack. And now PLAYDOH could break it!! Did that ruin Apple credibility? Did anyone care?

FaceID took a lot longer to break. This hack is a lot more elaborate than with TouchID. Has not been duplicated.

And here you are worrying about credibility?

 

[adnbek]

Haha you think I should be banned for speaking the truth?

No, I think you should be banned for bringing nothing meaningful to any discussion you get involved in.

 

[iwan073]

If they are somehow capable of copying my face with a 3D printer and acquire 2D infrared photo's of my eyes, they might as well use my real face

 

[BvizioN]

I will bet you that you cannot, no matter how good your mask is, unlock my iPhone. (I have an 8 Plus)

The trick to unlock Touch ID have been explained years ago. And whats more appealing is that it can be done without a mask
Move on.

 

[bruinsrme]

Let’s see here. I have hundreds of thousands of dollars worth of stuff, financial papers, IDs, collectibles, electronics, credit cards and so on.
My doors are locked but what about those things made of glass.
How many people carry a wallet or purse with personal info inside?

Please you’re worried about a professional mask maker duplicating your face and stealing what?

 

[BvizioN]

To be fair, it sounds like these guys enjoyed an unfettered access to the phone and probably had hundreds of failures before this one mask worked.

That without a doubt. They work all the way to only show you the bits they want you to see, to get the much desired attention they are seeking (which is the entire purpose of this thing)

 

[anthorumor]

Anything to become newsworthy. But seriously, why?

 

[sully54]

1. That is the creepiest things ever.

2. Not to be paranoid but it would be interesting to find out if these people had financial/logistical help from one of Apple’s competitors *cough Samsung cough* it I just don’t get the motivation otherwise.

 

[pmhparis]

That without a doubt. They work all the way to only show you the bits they want you to see, to get the much desired attention they are seeking (which is the entire purpose of this thing)

Yeah, they appear, through exhaustive testing over multiple weeks and with access to the passcode, to have fabricated a mask that will unlock a newly reset FaceID -- IF the FaceID registration is performed poorly so that the lower part of the face or a low angle aspect are not in the FaceID database.

There is no proof that:
- This will work for anyone else
- That this will work for anyone who correctly sets up FaceID
- That this continues to work for FaceID that has been used for a longer period of time in which the iPhone has been refining/augmenting the FaceID database.

_YAWN_

 

[Fishcake21]

I feel much safer knowing that thieves will make a mask using my photo using rather than cutting my own finger!

 

[pmhparis]

Anything to become newsworthy. But seriously, why?

The Viet company in question has a reputation for over-announcing in order to gain free press and then underperforming subsequently.