Face ID Hacked, But it Isn’t as Big a Deal as You Think

1 minute read
| Analysis

Security researchers found a way to trick Face ID in the iPhone X, but it’s premature to declare Apple’s 3D facial scanning technology a failure or unsecure. The method the firm used to trick Face ID is complicated and involved making a seriously creepy mask.

Face ID is Apple’s replacement for Touch ID on the iPhone X. Instead of scanning your fingerprint it scans your face to unlock your iPhone and authenticate purchases.

Researchers from Bkav started with a detailed 3D scan of the subjects head, then used a 3D printer to create the mask’s form. Next, an artist reconstructed the subjects eyes, nose, and mouth with latex. With all the pieces in place, Bkav’s mask seems to have fooled Face ID and unlocked the text iPhone X.

They claim their demonstration shows Face ID isn’t as secure as Apple claims. On the contrary, their work shows it’s even more difficult to spoof Face ID than Touch ID.

Computer Chaos Club members bragged about tricking Touch ID when the iPhone 5s was released in 2013. They started by making a high resolution scan of someone’s fingerprint, then output it to a laser printer. The output was then transfered to latex that was used to unlock the phone.

That was a pretty sophisticated process and proved to not be a serious threat to the iPhone’s biometric security measures. Had this been a practical hack it’s a safe bet the FBI would’ve used to get into the San Bernardino mass shooter’s iPhone instead of trying to force Apple to make a hackable iOS version.

Bkav’s Face ID hack is much more involved and their presentation feels a lot like the “How to draw an owl” meme: First you make a sophisticated 3D mask, and then you unlock the iPhone.

What Bkav has really shown is that any security measure is hackable given enough time and resources.

Practically speaking, if you have someone long enough to get a detailed scan of their head there’s a much faster and more reliable method for getting into their phone. It’s amazing how powerful a motivator threatening to break someone’s arm is.

5
Leave a Reply

Please Login to comment
5 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
BlackCorvidwab95Frank Vpjs_boston Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Member
jhorvatic

This is so lame to claim they hacked Face ID. First of all who has the tools to get a scan of someones face and create a 3D mask from it? And how does someone get a scan of someones face without them knowing it? Apple went through the steps making it very hard for someone to put a mask on to fool Face ID. Obviously it worked because this was a hack job that poses no threat to anyone in the real world.

BlackCorvid
Member
BlackCorvid

Just a quibble, the phones used by the San Bernardino shooters were 5C’s weren’t they? No touch ID on those so other than the likelihood that they had a simple 4 digit code, they were safe from biometric hacking.

wab95
Member
wab95

Jeff:

A 3D latex mask of someone’s face, to which you obviously have access to get into a phone? Why not just use the poor bugger’s face, since you obviously have access to it?

This ‘hack’ has all of the internal logic of a ‘faked moon landing’ that involves the launching of real rockets and leaving real artefacts on the moon’s surface, including moon buggies and footprints for good measure, and then pinky-swearing hundreds of thousands of contractors to keep mum…forever.

Frank V
Member
Frank V

Also, do we know if they had “Require Attention for Face ID” switched on and did they train the phone to recognise the mask?

pjs_boston
Member
pjs_boston

It’s quite right that if bad guys want into your phone they’ll just threaten you to give them your passcode rather than go through a laborious 3D scanning, mask making adventure.

Sadly, this logic is completely lost on every single Apple hater on the web 😁