When Face ID was announced back in September, many shared their concerns regarding the new feature's possible limitations. Though Apple assured users that Face ID would be extremely difficult to deceive, everyone from security researchers to pranksters have been waiting with bated breath for the iPhone X to be released so they could test that claim.
Now, just a week after people actually started getting their hands on Apple's new flagship model, Vietnamese security firm Bkav announced in a blog post it has successfully spoofed Face ID with a fairly rudimentary mask.
Andy Greenberg of Wired addressed the claims in more detail:
It's important to distinguish this type of spoofing attack from an actual hack. At no time did anyone break into Apple's secure enclave, access any Face ID data, or get around the hardware of the system.
As far the spoof goes, Greenberg also notes that in order to pull this trickery off, a person would have to dedicate a good amount of time and effort to the project and have pretty regular access to your face. According to Bkav's researchers, their method requires at least five minutes of 3D facial scanning and measuring, and is therefore not necessarily something the average user would need to worry about:
It's also worth noting that the security firm doesn't specify whether it trained Face ID against the mask.
If you carefully craft a 100% reproduction of a key, you can probably unlock the same tumblers the original does. This is not new tech. Stop talking about it if you refuse to understand it. https://t.co/8OsjJWbVaPIf you carefully craft a 100% reproduction of a key, you can probably unlock the same tumblers the original does. This is not new tech. Stop talking about it if you refuse to understand it. https://t.co/8OsjJWbVaP— Jerry Hildenbrand (@gbhil) November 12, 2017November 12, 2017
In the end, if you've recently purchased an iPhone X, you're no more at risk than you were back when you used your fingerprint to unlock your device. If you remember, when Touch ID launched we saw a similar spate of CSI-style spoofing there as well.
If you're a Bruce Wayne-level elite or a secret agent of some kind, just keep taking the same precautions you did before you upgraded. However, if you're just a run-of-the-mill iPhone wielder like the rest of us average folk, it's super unlikely that your content is in danger.
What do you think about the individuals at Bkav allegedly fooling Face ID? Let us know in the comments.
Tory Foulk is a writer at Mobile Nations. She lives at the intersection of technology and sorcery and enjoys radio, bees, and houses in small towns. When she isn't working on articles, you'll likely find her listening to her favorite podcasts in a carefully curated blanket nest. You can follow her on Twitter at @tsfoulk.
Much ado about nothing etc.
Doesn't sound simple
It sounds like breaking FaceID is pretty difficult if it took this expert this many tries, time, and planning. It gives me more confidence in FaceID.
Eh, it could become easier is the problem. It took this amount of research up front, but now that it's out, it's possible it'll become easier and easier to do.
The video does not show much. How do we know what face was used to train it and if that was the first attempt. Not like I am going to let someone have me sit down scan my face and try to make a mask out of it. Would love to see this from start to finish.
The whole thing is a fake job. And not a very good one at that. The whole "Swipe and say 'WHOA'" is just obfuscation, a classic magician's trick. All they should do to prove that the spoof works is to face the phone at the mask and show the lock icon moving to the unlock position. If you look at the video, however, you will see that the icon NEVER displays in the unlock position. The whole demonstration should be calmly repeatable a dozen times in a row in 30 seconds. Off button - wake the screen - show the lock icon "unlocking". Rinse and repeat. Forget the swipe - that is not evidence of the unlock. Only the icon is relevant.
Get the best of iMore in in your inbox, every day!
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.