I wouldn't be concerned about a joe dirt off the street using this to get into my phone -- however, if you are a criminal or terrorist and the government is now in possession of your phone, it seems they would be able to easily defeat faceID (if it was the main method to lock the phone).
 
I wouldn't be concerned about a joe dirt off the street using this to get into my phone -- however, if you are a criminal or terrorist and the government is now in possession of your phone, it seems they would be able to easily defeat faceID (if it was the main method to lock the phone).

don't you think the government taking a fingerprint from the phone or from your house or your car or from a database (concealed carry licenses in many states, TSA fast track all require a fingerprint scan) and printing it on a piece of plastic to unlock the fingerprint sensor isn't the same issue? the fingerprint sensor in the other iphones can be easily fooled by a printed fingerprint on a plastic film
 
Reactions: jgelin
Also there is a question of training...does Face ID become more accurate or just more forgiving over time, meaning if I setup my iPhone 2 months ago could this even work.
FaceID updates the image that it is matching after a successful match, and (probably) after an unsuccessful match after you enter the passcode. Without passcode, you have just five attempts, and FaceID will not update anything during unsuccessful attempts.
 
Reactions: Baymowe335
I wouldn't be concerned about a joe dirt off the street using this to get into my phone -- however, if you are a criminal or terrorist and the government is now in possession of your phone, it seems they would be able to easily defeat faceID (if it was the main method to lock the phone).
It would be FAR easier for them to defeat you personally than to go through the potentially fruitless effort of defeating FaceID. A pipe wrench is way cheaper and you don’t have to hire too many guys to implement the use of one.
 
I wouldn't be concerned about a joe dirt off the street using this to get into my phone -- however, if you are a criminal or terrorist and the government is now in possession of your phone, it seems they would be able to easily defeat faceID (if it was the main method to lock the phone).
Assuming they know you personally with just your phone, you gave them high res pictures of your face, a mold of your face, and the passcode so they could train FaceID to open when their mask failed the 5 attempts before no more Face ID, then yes.
 
Again TouchID is much easier to fake: catching someone sleeping, or grabbing their print off a glass. You my friend can keep your Touch ID, and take mine too.

You mean easier to fool TouchID as demonstrated here? LOL! https://forums.macrumors.com/thread...f-original-fingerprint.1642817/#post-17977807

On the other hand, once I have a mask of yours, I can just keep using it regardless of where and when. In other words, I am you, in the eyes of FaceID.

TouchID is much more secure than FaceID. Period.
Touch ID doesn’t work when wearing gloves or when your fingers are wet. Different Tech with different limitations.

You ignored the fact that when TouchID fails to work it at least does not give a false positive; whereas FaceID does. Which is an ultimate fail.
 
I hate these articles. If someone actually went out of their way to create a mask of my face so they can access my phone... then I'll just give them the unlock passcode.

I'm actually honored that people will go through this just for me. :D
 
Reactions: SactoGuy18
so someone needs DETAILED photographs of you + a 3D printer + $200 for the materials + be in physical possession of your phone + without you knowing it .... mmmh... ok..... I feel pretty secure....

A photo of someone is certainly much easier to obtain than a fingerprint of someone. So exactly, how is FaceID more secure?
 
You mean easier to fool TouchID as demonstrated here? LOL! https://forums.macrumors.com/thread...f-original-fingerprint.1642817/#post-17977807

On the other hand, once I have a mask of yours, I can just keep using it regardless of where and when. In other words, I am you, in the eyes of FaceID.

TouchID is much more secure than FaceID. Period.

You ignored the fact that when TouchID fails to work it at least does not give a false positive; whereas FaceID does. Which is an ultimate fail.

Google this: TouchID and playdoh.

False positive? Are you freaking kidding me?!

Period. Get some facts before posting. Period.
A photo of someone is certainly much easier to obtain than a fingerprint of someone. So exactly, how is FaceID more secure?

Fingerprint can be photographed from afar, can be lifted off any surface you touch, etc.. And like FaceID, your fingerprint cannot be changed.
TouchID bypass:

1:11 part of video. A SIMPLE PHOTO of a finger is enough.
 
Google this: TouchID and playdoh.

False positive? Are you freaking kidding me?!

Period. Get some facts before posting. Period.

Fingerprint can be photographed from afar, can be lifted off any surface you touch, etc.. And like FaceID, your fingerprint cannot be changed.
TouchID bypass:

Not sure of what false positive I am talking about? Err...you are aware of the thread we are currently on right?

I am well aware of the play-doh hack. So what are you trying to prove with it? If anything, it means we need the next generation of TouchID which scans at 2000 ppi and handles wet fingers with ease.

And last time I checked, unless you are some FBI agent collecting evidence at a crime scene. Otherwise, I haven't seen anyone sniffing around my place just for my fingerprint.
 
Not sure of what false positive I am talking about? Err...you are aware of the thread we are currently on right?

I am well aware of the play-doh hack. So what are you trying to prove with it? If anything, it means we need the next generation of TouchID which scans at 2000 ppi and handles wet fingers with ease.

No false positive with TouchID?!?!

Dude, touchID is far EASIER and CHEAPER to spoof. PERIOD.
 
No false positive with TouchID?!?!

Dude, touchID is far EASIER and CHEAPER to spoof. PERIOD.

Dude, you want to calm down a bit?

Sure, you can generate a false positive on any security measure. However, I've only seen TouchID being fooled by highly skilled hackers. I sure haven't seen it being fooled by twins or sons.

And let's face it, if a hacker wants something the hacker will get it. One way or another.
 
I don't understand the time and effort that is put into these things. I guess they are going for views, clicks, and likes. I see no difference in duplicating someone's fingerprint to achieve the same thing with TouchID (and it would probably take less time and effort, too). FaceID is new, and different... people tend to be afraid of new and different things which usually leads to idiotic behavior.

Really? Aren’t you curious about how things work? Not everything is about getting “clicks”.

I, for one, welcome people testing the weaknesses of systems that we rely upon.
 
No, in the video, they set up faceid with the presenter's face and then unlocked it with a mask of his face. Not taking anything away from the difficulty of doing this for a complete stranger, but it showed that it can be done.

It actually didn't show anything. How did they manage to create a mask that worked? By creating a mask, trying it, changing it, trying again until they had it working. You can bet that required passcode unlocks, and they didn't show that. Plus they had the presenter available in person. If they steal someone's phone, that person isn't available.
 
Reactions: Michael Scrip
I do wonder.
Thinking about this from a practical standpoint, FaceID, dependent on how it manipulates the data it holds, could get less secure over time.
Everyone is simply assuming it will get more secure as it sees your face in different ways.
But please, just STOP and think about this for a moment.

1st 3D scan of your face, THAT is the face it needs to unlock with.
Then over time you use face ID.

It then has to add into this:

Make-Up on, Make-Up off.
Hair in many styles.
Glasses on and off
Facial hair, perhaps various styles
Changes of expression / time of day / how you look
Lighting variations.

All this, in reality will be allowing more "slop in the system" as it's having to let you in, whilst allowing for variations.

Put it another way.

Take a normal 2D photo and say only if someone looks like THIS will it be ok.
Then take 100 photos of the person in all different looks, and then say, any of these additional 100 looks will be ok also.

Which is the more secure? the 1st photo, or the latter range of 100 ?
 
I do wonder. Thinking about this from a practical standpoint, FaceID, dependent on how it manipulates the data it holds, could get less secure over time. Everyone is simply assuming it will get more secure as it sees your face in different ways. But please, just STOP and think about this for a moment.

1st 3D scan of your face, THAT is the face it needs to unlock with.
Then over time you use face ID.

It then has to add into this:

Make-Up on, Make-Up off.
Hair in many styles.
Glasses on and off
Facial hair, perhaps various styles
Changes of expression / time of day / how you look
Lighting variations.

All this, in reality will be allowing more "slop in the system" as it's having to let you in, whilst allowing for variations.

Put it another way.

Take a normal 2D photo and say only if someone looks like THIS will it be ok.
Then take 100 photos of the person in all different looks, and then say, any of these additional 100 looks will be ok also.

Which is the more secure? the 1st photo, or the latter range of 100 ?

Isn't the majority of what FaceID does related to a physical 3D scan of your face?

If so... then makeup on/off would have no impact on the shape of your face.

Nor will hair up/down, time of day, etc.

From what I understand (I haven't done a deep-dive into Apple's white-paper) the iPhone is blasting 30,000 IR dots onto your face and reading the depth map.

If you wear red lipstick one day and not the next day... the basic shape of your face hasn't changed.

Even if you setup FaceID with a big bushy beard and then shave it off... there should be enough other depth info from your cheekbones, eye sockets, forehead, etc, to prove that it is you. (if not... just use your passcode and the phone will learn that it's you... albeit without the beard covering your chin)

I understand your point about "slop in the system" but it's designed to work with the slop.

But again... even if you have 100 different looks... your face still has the same overall shape.

The basic depth map of your face doesn't change every day... if at all.
 
Reactions: ErikGrim
don't you think the government taking a fingerprint from the phone or from your house or your car or from a database (concealed carry licenses in many states, TSA fast track all require a fingerprint scan) and printing it on a piece of plastic to unlock the fingerprint sensor isn't the same issue? the fingerprint sensor in the other iphones can be easily fooled by a printed fingerprint on a plastic film

Good point.
But the average user shouldn't be worried about his fingerprints being stolen or FaceID being fooled by a mask.
I guess the vast majority of attacks against users will always require stealing their password via phishing or similar kind of scams.
 
Dude, you want to calm down a bit?

Sure, you can generate a false positive on any security measure. However, I've only seen TouchID being fooled by highly skilled hackers. I sure haven't seen it being fooled by twins or sons.

And let's face it, if a hacker wants something the hacker will get it. One way or another.

That was not what you said. Ok, we agree...TouchID can be hacked very easily by using cheap materials such as Playdoh.

As for IDENTICAL twins, true. Son? No. Read the WIRED article again.
 
A photo of someone is certainly much easier to obtain than a fingerprint of someone. So exactly, how is FaceID more secure?
It is not a photo, it is a collection of photos from different angles in order to reconstruct a 3D model of your face. A single photo is not enough. A single photo of a fingerprint has been used in the past to fool fingerprint-based security
 
Reactions: Thai
It is not a photo, it is a collection of photos from different angles in order to reconstruct a 3D model of your face. A single photo is not enough. A single photo of a fingerprint has been used in the past to fool fingerprint-based security

Trust me, this is SO simple.
All I have to do is take your phone without you seeing me take it.
Hold the phone up, pointing at your face, and either call you or tap you on the shoulder, you turn to see what it is, and naturally you look at this phone for a moment before your brain kicks in and BLAM it's unlocked and I do a runner.

Potentially it's even easier than that.
I only need to have the "chin" exposed.
I could put the phone behind a cloth or anything, so you just look at the thing I'm holding with your phone behind, and again the phone is unlocked but this time you have no idea it was your phone you just looked at.

If someone set up a little routine and a prop, it would be so so easy to unlock your phone this way by you looking at it without realizing.
Far far easier than taking your phone and trying to get you to touch, touch ID.
 
and? better to look like that than a 3 year old design with wasted space

Really? This is completely stupid, it requires less effort and money to just buy an iPhoneX. This is a controlled science lab experiment, nobody is doing this in real life. Waste of time here.

But if somebody did get their phone stolen you would just cancel your card straight away anyway. The numbers people have in terms of account in the wallet section doesn't show your full bank card number. Only the last 4 digits after all.

I know my natwest bank app doesn't even work for face ID yet.

One where you would be exposed would be somebody knowing your address.

But with Natwest here you can’t do that

You need a card reader to do that and your account customer number pin

Without that you can’t transfer it to any new account

And the prize for completely missing the point goes to...

Jesus, I don't care about the iPhone X for many reasons, I don't like many of the decisions Apple are taking - but seriously, the security of FaceID being tricked by elaborate masks is an issue for precisely no-one.

Oh wait some late competition here!


Are you talking about 4-digit passcode or a 16-alphanumerical passcode that I have on my phone? The 16-passcode is my backup to FaceID. But you think that security cameras in stores, malls, etc. cannot take a peek at your phone while you entered in your passcode? Or someone peeking over your shoulders? Or someone looking at prints on your screen to see where the smudges are?

Yeah, like putting a stupid ass fingerprint reader on the back of a phone...but lets put it in a corner too! Now, THAT is a solution to a problem!

Are you for Face ID or against? Some of your 60 posts in this thread have been a bit ambiguous.
 