Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iPhone X Face ID Again Unlocked With Mask, Even With 'Require Attention' Turned On
- Thread starter MacRumors
- Start date
- Sort by reaction score
In practice, not likely to be an issue.
I'm guessing this is garnering attention because Apple made the claim that this is magnitudes more secure than Touch ID.
I'm guessing this is garnering attention because Apple made the claim that this is magnitudes more secure than Touch ID.
No, but it requires far less effort to create a fake fingerprint to bypass Touch ID.
True.
Actually, I don't remember that Apple ever claimed FaceId was more secure than TouchId. Did they?
I thought that all they said, was that it was much less likely to run across a biometric match (well, unless a twin).
Everyone else warped that into thinking it meant it was more "secure". But "secure" can mean more than just how often it gets a false positive.
Apple didn't even say that it was mask-proof. Instead, they simply said that they had enlisted mask makers to help them make it more mask-proof. Maybe it went from easy to fool to only medium hard to fool. But again, they knew that others would warp the meaning.
Not period. Just print the fingerprint onto gel; immediately easier than touchid. Do your homework.
So let me ask...how does my fingerprint ever get on a play-doh or some gel? Unless someone with malicious intent to capture my fingerprint, this will never happen.
How do we compare that to Touch ID? How secure is it?
Some random person can use their finger to unlock your iPhone is about 1 in 50K
similar statistics for Face ID... 1 in 1 million
I'm not a tech writer nor anything of that sort (so the way it was worded may have indicated otherwise), but would this not imply that Face ID is more secure?
Last edited:
I agree 100% and I wouldn't likely use MFA but it would be trivial to offer it as an option for the 0.1% of security nerds out there that would like it. The point of MFA is that that if you know my passcode you also have to have my fingerprint or face and/or have some kind of token (i.e. NFC tag) to use it - no one piece would work. I imagine that if you used BT you could even just have the token somewhere nearby (such as in your pocket) so the speed would be the same as it is now for Touch/Face ID.
Heck you could even have it act differently in different "trusted" geo-fenced locations: at home, single factor - away 2 factor.
I never said NFC and BT by themselves would be secure enough, but as a 2nd factor, they are great.
Right, more secure. With the "metric" being "how likely is it that some random person can pick up your phone and get into it." This is the main and most valid use case. Because, anyone that wants in your phone bad enough is likely to get INTO your phone especially if they have your phone AND you AND, to some degree, a bit of your cooperation (either by sitting around for a couple days while they get at your biometric data OR use the pipe wrench method for a much quicker way in).
With Touch ID, they take small patches of readings of random parts of your thumb or finger. NOT the whole thing. This means that a false positive can be obtained by a thumb or finger that matches the areas they're doing readings of. By their reckoning, if you have a a random thumb meet a random Touch ID enabled phone, 1 person in 50,000 would have the right variability in the right area and will be able to unlock it. With random face and random Face ID, the likelihood of a match is much less because of the way they're doing the scanning.
It's similar to cars, back in the day, it just so happened that a friend of my mom's could open her car using her own car's key. And vice versa. They made a LOT of variances in the keys, but the variance isn't infinite. So, the likelihood that some random person's key can open your car is expected to be LOW ENOUGH but not impossible. In this case, Apple has data that lets them state that 1 out of every 50,000 random "keys" is going to work for Touch ID and states that 1 out of every million random "keys" is going to work for Face ID.
Last edited:
How would they demo it?
[doublepost=1512151201][/doublepost]
It doesn’t matter, once a working technique is out, people will work to find the parameters and lower the requirements (incl. cost) of creating a mask.
That’s how it worked with TouchID. Took them a while to hack it, but pretty soon people were flogging stolen iPhones with reset/replaced TouchID.
I find the opposite. Face ID is fast and less movements to get to notifications. With Touch ID it can take up to 4 interactions to get to a notification.
Just because you state something on the internet does not make it fact. It’s called opinion.
10 fingers or one finger. What difference does it make when you can observe what finger someone uses for Touch ID? If you can obtain a persons prints you can observe what finger they use. Far easier and less expensive than recreating a persons face
Having hands or other devices on the face could trigger face ID to see an "unrecognized face" and then switch to PIN input. Just like what happened on-stage at the keynote.
Look, in the end, it's still not a job for most hackers. Just to get to this point requires a lot of fairly complicated work, even with the lower cost of 3-D printing nowadays.
The "/s" at the end of the post seems to imply that.Are you being sarcastic?
Face ID insecurity just keeps getting worse. It has failed twin test, siblings of different ages, uncle-nephew and now unrelated coworkers.
http://www.ladbible.com/news/weird-...o-workers-face-can-unlock-her-iphone-20171215
http://www.ladbible.com/news/weird-...o-workers-face-can-unlock-her-iphone-20171215
I’ve yet to see a video where Face ID has been cracked where the user didn’t JUST set up the feature.
People are harping on this way too much. If you need that much security that you’re worried about evil phantom phone crackers looking to get in your phone you better be using something to secure your phone better than biometrics.
People are harping on this way too much. If you need that much security that you’re worried about evil phantom phone crackers looking to get in your phone you better be using something to secure your phone better than biometrics.
Geez I hope my evil twin doesn’t have a reason to steal my phone lol. How ridiculous! I’ve given my phone to everyone in my family. No luck! I’ve given it to a few friends. No luck! Face ID works fine.
Remember, we don’t know the back story to this. This was reported in China...so, take it with a grain of salt.
Twin test...no crap! That was a given already...IDENTICAL TWINS can cause FaceID issues. Known issue.
Siblings of different ages? Haven’t heard that. Can you show me?
Uncle-nephew? Show me.