I wouldn't be concerned about a joe dirt off the street using this to get into my phone -- however, if you are a criminal or terrorist and the government is now in possession of your phone, it seems they would be able to easily defeat faceID (if it was the main method to lock the phone).
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iPhone X Face ID Again Unlocked With Mask, Even With 'Require Attention' Turned On
- Thread starter MacRumors
- Start date
- Sort by reaction score
don't you think the government taking a fingerprint from the phone or from your house or your car or from a database (concealed carry licenses in many states, TSA fast track all require a fingerprint scan) and printing it on a piece of plastic to unlock the fingerprint sensor isn't the same issue? the fingerprint sensor in the other iphones can be easily fooled by a printed fingerprint on a plastic film
FaceID updates the image that it is matching after a successful match, and (probably) after an unsuccessful match after you enter the passcode. Without passcode, you have just five attempts, and FaceID will not update anything during unsuccessful attempts.
If someone wants to go to that much trouble to unlock a phone, I feel like they deserve to be able to.
It would be FAR easier for them to defeat you personally than to go through the potentially fruitless effort of defeating FaceID. A pipe wrench is way cheaper and you don’t have to hire too many guys to implement the use of one.
And we are still waiting for a single independent verification of a replication of the technique.
Assuming they know you personally with just your phone, you gave them high res pictures of your face, a mold of your face, and the passcode so they could train FaceID to open when their mask failed the 5 attempts before no more Face ID, then yes.
"Vietnamese cyber security company" ... because we all know Vietnam is a hotbed for cutting edge IT security companies
You mean easier to fool TouchID as demonstrated here? LOL! https://forums.macrumors.com/thread...f-original-fingerprint.1642817/#post-17977807
On the other hand, once I have a mask of yours, I can just keep using it regardless of where and when. In another word, I am you, in the eyes of FaceID.
TouchID is much more secured than FaceID. Period.
[doublepost=1511924763][/doublepost]
You ignored the fact that when TouchID fails to work it at least does not give a false positive; whereas FaceID does. Which is an ultimate fail.
Last edited:
I hate these articles. If someone actually went out of their way to create a mask of my face so they can access my phone... then i'll just give them the unlock passcode.
I'm actually honored that people will go through this just for me.
I'm actually honored that people will go through this just for me.
A photo of someone is certainly much easier to obtain than a fingerprint of someone. So exactly, how is FaceID more secure?
Last edited:
Google this: TouchID and playdoh.
False positive? Are you freaking kidding me?!
Period. Get some facts before posting. Period.
[doublepost=1511926393][/doublepost]
Fingerprint can be photographed from afar, can be lifted off any surface you touch, etc.. And like FaceID, your fingerprint cannot be changed.
[doublepost=1511926780][/doublepost]TouchID bypass:
1:11 part of video. A SIMPLE PHOTO of a finger is enough.
Last edited:
Not sure of what false positive I am talking about? Err...you are aware of the thread we are currently on right?
I am well aware of the play-doh hack. So what are you trying to prove with it? If anything, it means we need the next generation of TouchID which scans at 2000 ppi and handles wet fingers with ease.
And last time I check, unless you are some FBI agent collecting evidence at a crime scene. Otherwise, I haven't seen anyone sniffing around my place just for my fingerprint.
Last edited:
No false positive with TouchID?!?!
Dude, touchID is far EASIER and CHEAPER to spoof. PERIOD.
Dude, you want to calm down a bit?
Sure, you can generate a false positive on any security measure. However, I've only seen TouchID being fooled by highly skilled hackers. I sure haven't seen it being fooled by twins or sons.
And let's face it, if a hacker wants something the hacker will get it. One way or another.
Really? Aren’t you curious about how things work? Not everything is about getting “clicks”.
I, for one, welcome people testing the weaknesses of systems that we rely upon.
It actually didn't show anything. How did they manage to create a mask that worked? By creating a mask, trying it, changing it, trying again until they had it working. You can bet that required passcode unlocks, and they didn't show that. Plus they had the presenter available in person. If they steal someone's phone, that person isn't available.
I do wonder.
Thinking about this from a practical standpoint, FaceID, dependent on how it manipulates the data is holds, could get less secure over time.
Everyone is simply assuming it will get more secure as it see's your face in different ways.
But please, just STOP and think about this for a moment.
1st 3D scan of your face, THAT is the face it needs to unlock with.
Then over time you use face ID.
It then has to add into this:
Make-Up on, Make-Up off.
Hair in many styles.
Glasses on and off
Facial hair, perhaps various styles
Changes of expression / time of day / how you look
Lighting variations.
All this, in reality will be allowing more "slop in the system" as it's having to let you in, whilst allowing for variations.
Put it another way.
Take a normal 2D photo and saying only if someone looks like THIS wil it be ok.
Then take 100 photos of the person in all different looks, and then say, any of these additional 100 looks will be ok also.
Which is the more secure? the 1st photo, or the latter range of 100 ?
Thinking about this from a practical standpoint, FaceID, dependent on how it manipulates the data is holds, could get less secure over time.
Everyone is simply assuming it will get more secure as it see's your face in different ways.
But please, just STOP and think about this for a moment.
1st 3D scan of your face, THAT is the face it needs to unlock with.
Then over time you use face ID.
It then has to add into this:
Make-Up on, Make-Up off.
Hair in many styles.
Glasses on and off
Facial hair, perhaps various styles
Changes of expression / time of day / how you look
Lighting variations.
All this, in reality will be allowing more "slop in the system" as it's having to let you in, whilst allowing for variations.
Put it another way.
Take a normal 2D photo and saying only if someone looks like THIS wil it be ok.
Then take 100 photos of the person in all different looks, and then say, any of these additional 100 looks will be ok also.
Which is the more secure? the 1st photo, or the latter range of 100 ?
Isn't the majority of what FaceID does related to a physical 3D scan of your face?
If so... then makeup on/off would have no impact on the shape of your face.
Nor will hair up/down, time of day, etc.
From what I understand (I haven't done a deep-dive into Apple's white-paper) the iPhone is blasting 30,000 IR dots onto your face and reading the depth map.
If you wear red lipstick one day and not the next day... the basic shape of your face hasn't changed.
Even if you setup FaceID with a big bushy beard and then shave it off... there should be enough other depth info from your cheekbones, eye sockets, forehead, etc, to prove that it is you. (if not... just use your passcode and the phone will learn that it's you... albeit without the beard covering your chin)
I understand your point about "slop in the system" but it's designed to work with the slop.
But again... even if you have 100 different looks... your face still has the same overall shape.
The basic depth map of your face doesn't change every day... if at all.
Good point.
But the average user shouldn't be worried about his fingerprints being stolen or FaceID being fooled by a mask.
I guess the vast majority of attacks against users will always require stealing their password via phishing or similar kind of scams.
That was not what you said. Ok, we agree...TouchID can be hacked very easily by using cheap materials such as Playdoh.
As for IDENTICAL twins, true. Son? No. Read the WIRED article again.
It is not a photo, it is a collection of photos from different angles in order to reconstruct a 3D model of your face. A single photo is not enough. A single photo of a fingerprint has been used in the past to fool fingerprint-based security
Trust me, this is SO simple.
All I have to do is take your phone without you seeing me take it.
Hold the phone up, pointing at your face, and either call you or tap you on the shoulder, you turn to see what it is, and naturally you look at this phone for a moment before your brain kick in and BLAM it's unlocked and I do a runner.
Potentially it's even easier than that.
I only need to have the "chin" exposed.
I could put the phone behind a cloth or anything, so you just look at the thing I'm holding with you phone behind, and again the phone is unlocked but this time you have no idea it was your phone you just looked at.
If someone set up a little routine and a prop, it would be so so easy to unlock your phone this way by you looking at it without realizing.
Far far easier than taking your phone and trying to get you to touch, touch ID.
And the prize for completely missing the point goes to...
Oh wait some late competition here!
Are you for Face ID or against? Some of your 60 posts in this thread have been a bit ambiguous.