iPhone X Face ID Again Unlocked With Mask, Even With 'Require Attention' Turned On

[Luiz TMS]

It will be easier to authorities to unlock phones.
However, Apple could easily fix it, asking for a smile or a blinking eye!

 

[VulchR]

I have written many posts about how hard the computational problems that FaceID is trying to solve are, and thus that we should not expect miracles from it, and I've taken a lot of flak for expressing that view. Still, my reaction to this story is 'so what?'. FaceID will work securely for most people most of the time.

 

[BvizioN]

2. Not to be paranoid but it would be interesting to find out if these people had financial/logistical help from one of Apple’s competitors *cough Samsung cough* it I just don’t get the motivation otherwise.

Probably just attention seeking. Happens all the time after a new iPhone is released. Lot of YouTuber's for example go through all sort of scrutinisation on newer iPhone in a hope to discover some faults/weakens and make some name. I did not know The Box Therapy guy until iPhone 6 bendgate.

 

[Harlowgold1]

When Equifax can be hacked and 145 million people are compromised, one has to realize that cellphone security will have limitations. If someone wants your personal data, they'll find a way. Like Hillary Clinton, I don't lose sleep over data breaches.

 

[Manzzle]

Found a dead mass-shooter’s body. Discovered there’s an iPhone X inside his/her pocket. Create mask. Carefully take out iPhone X from body (and don’t let it see any faces in the process). Unlock iPhone X, warrant not required, Apple not need to be contacted.

Why not just open the corpse eyes and point the phone at his face. So much easier.

 

[brenkh]

If someone wants to go through all this trouble to get into my phone I will gladly give him my passcode...

 

[Stiss]

Yeah, anyone serious about security would tell you Face ID is a joke. Bring back Forstall

Forstall
lmao.

 

[stanman64]

These tests and "successes" keep getting more and more ridiculous. Next headline: "Face ID fooled by a complex 27-step process that required 2 professional make up artists, 5 crew members, hundreds of dollars of materials, and took 184 days to complete."

And news/tech sites will eat it up.

 

[Harlowgold1]

Face ID will not work when I put a paper bag over my head! I'm calling Apple Technical Support!

 

[coolbreeze]

Hear that sound? The sound of 3d printers humming at the FBI...

 

[DNichter]

Haha, not worried about this at all. Don't think a thief or someone who finds my phone is going to have the capability to do this.

 

[GSRennie]

Quite obviously FaceId can be unlocked with a mask - if you set it up using a mask, instead of using your face. And that's essentially what these guys are doing. In real life, it would be quite difficult to create a 3D mask without knowledge and permission of the user. No chance to unlock the phone unless the owner of the phone unlocks it for you whenever the unlocking fails.

I watched the video. The mask was made first. Then the iPhone X Face ID was reset, with all steps shown on video. Then the iPhone was carefully placed in front of the mask and it opened. What I didn't understand is why the mask wasn't rejected because of the odd colouring around the eyes versus the skin tone of the demonstrator.

 

[VulchR]

... What I didn't understand is why the mask wasn't rejected because of the odd colouring around the eyes versus the skin tone of the demonstrator.

The simple answer is cosmetics. FaceID not only has to deal with perspective, facial expressions, puffiness, piercings, facial hair, jewellery, acne, glasses, sunburn, hats/scarfs, etc., but it has to deal also with cosmetics. Most people use cosmetics in a subtle way, but some enjoy expressing themselves more vibrantly. Like I said, FaceID is trying to overcome enormous computational problems – ones that even our complex brains do not always solve accurately. You can't expect miracles from it.

 

[Mike MA]

Honestly, did ever somebody do similiar like rebuilding a finger print when Touch ID was released?

 

[OldSchoolMacGuy]

If you fear someone is going to go through all of this to get into your phone, you shouldn't be using FaceID or TouchID. You need to be using a very very long password instead.
[doublepost=1511873061][/doublepost]

Honestly, did ever somebody do similiar like rebuilding a finger print when Touch ID was released?

Yes. It was done very shortly after TouchID first came out and took only a couple dollars of material.

Those slamming the FaceID are generally those with TouchID who choose to ignore their own security shortcomings, can't afford an X, and use it as a reason to slam the product. It's like making fun of a Porsche 911 for poor gas mileage because you can't afford one.

 

[840quadra]

Again, as suspected with the twin and sibling spoofing, its a freshly trained phone. As I said before in other threads, I would like to have the training process (to activate FaceID) do more scans / testing before it is enabled. Similar to how you “adjust your grip” in training TouchID, FaceID should be required to train with and without attention, as well as more of a profile just to get a better scan.

At the end of the day, it still looks much cheaper / easier to do a mythbusters style Fingerprint spoof than it is to do a special 3D printed mask to spoof FaceID.

 

[imronburgundy]

ugly and outdated iPhone 8

Come on, you're just being silly.

 

[bbplayer5]

Can’t the IR check for a warm body?

You know you can warm a mask too right?

 

[simonmet]

I watched the video. The mask was made first. Then the iPhone X Face ID was reset, with all steps shown on video. Then the iPhone was carefully placed in front of the mask and it opened. What I didn't understand is why the mask wasn't rejected because of the odd colouring around the eyes versus the skin tone of the demonstrator.

I think it’s the physical shape and proportions that it’s looking for, not tone or colour.

 

[kdarling]

You know you can warm a mask too right?

Exactly. Biometrics can almost always be spoofed if you really want to.

There's even been techniques to simulate pulsing blood in a fake finger, in order to fool fingerprint sensors that watch for that.

 

[Piggie]

If you placed this mask on a small horse, would it then be regarded as Mascarpone

 

[arkitect]

If you placed this mask on a small horse, would it then be regarded as Mascarpone

Ah, the good old Mask a pony.
Always makes me chuckle.

 

[simonmet]

Here’s a somewhat sobering thought. CCTV technology is widespread and in certain cases more advanced than most people realise. Software algorithms that can detect people and track their movements already exist and are in active use.

What if this technology improved from using 2D images to adding the third dimension like Face ID? Well suddenly the technology can become a lot more accurate and a lot more powerful.

It’s possible governments already have these kinds of advanced 3D scanning techniques available and if they don’t they soon will, you can count on that!

These cameras could potentially record the information required to rebuild a model of your face or even whole body without you even realising it.

 

[eddjedi]

So all you need to break in to the new iPhone is to steal the phone from somebody, and then make an exact 3D replica of their face? No problem.

 

[simonmet]

So all you need to break in to the new iPhone is to steal the phone from somebody, and then make an exact 3D replica of their face? No problem.

I believe the concerns are overblown, but until I’ve had the opportunity and time to test it personally I’m going to assume it’s less secure than it probably is.

That’s the pragmatic and cautious approach I feel.