One week after release, iPhone X's Face ID reportedly defeated by a $150 mask


#1

Originally published at: https://boingboing.net/2017/11/13/its-showtime.html


#2

So, given a good 3D scan of half of someone’s face and skills in silicone mask making, makeup artistry, 3D rendering and 3D printing you too can “easily” foil a locked phone! Wow.


#3

I dunno, I get the feeling that simply messing with the gloss levels on a high end photo would do the same thing.


#4

That’s what I’m wondering too. Did they train it on the mask (ie scan the mask, fail, then enter the pin)? If so, big whoop.


#5

The first line from one of the linked articles.

Q: How Face ID was set up?

A: It learns from human face, just like normal.


#6

Right. But if it ever failed when shown a mask, did they enter the PIN? Face ID continues to learn as you use it. If you show it the mask, then tell the phone that the mask should be accepted, then you are training on the mask after set up.

Like the fingerprint sensor, face id isn’t perfect. If you are worried that some criminal is going to go to the trouble of making a mask of your face that’s going to work with your particular phone (each phone puts out a different dot-grid), then don’t train it. Use a strong password.

Most people just want to keep room mates, and co-workers out of their phones and face id and fingerprint sensing are both great for that.


#7

Mmmm corporate world - getting into someone’s phone could have massive value. Even simply jealous colleagues looking for compromising information. Photos. Or to send a compromising email from the account.


#8

They appear to have trained the iphone using the passcode/password over dozens/hundreds of failed authorisations to accept the 3D Scan so they already had the passcode, a detailed 3D scan/model & the iPhone for many hours!

Unfortunately I doubt that Cory will revise his post to admit that he forwarded on Fake News…


#9

Even then, no big whoop. They had the cooperation of all of the time.

For a real attack, they have to make a mask like that and succeed in the first three tries or so. After that, FaceID locks, like TouchID and you are back to the code. Also, they have to succeed in 8 hours or so. After that, like TouchID, you need the code.

Like Starbug’s original attack on TouchiID I’m not holding my breath for a real attack in the wild.


#10

See my prior remarks:

It’s not a feasible attack. And Mail is far easier to fake. Since basically everyone sends unencrypted mails, just bribe the postmaster to slip this into the mail queue.


#11

Don’t get cosmetic surgery


#12

#13

The sensor understands depth…


#14

I guess you missed the word “reportedly” in the title, and the caveats that @doctorow led with?


#15

This looks like a prank video done by college students :confused:


#16

I guess you missed the word “reportedly” in the title, and the caveats that @doctorow led with?

Then why even run the story if it hasn’t been confirmed? It’s just unsubstantiated rumor. Oh, right. It gives Cory an opportunity to bash Apple while hiding behind the caveats. Twas ever thus.


#17

I know, right? If Cory wants to post unsubstantiated rumor, innuendo, and opinion then he should get his own blog!


#18

This topic was automatically closed after 5 days. New replies are no longer allowed.