A major credit bureau (Equifax) gave up hundreds of millions of social security numbers in a hacking incident. I'm not too worried about this compared to that.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Face ID bypassed by a mask. [MERGED]
- Thread starter everythingapplerainbow
- Start date
- Sort by reaction score
I’m terribly frightened that someone will spend $10,000 to design, tool, and manufacture a mask of my face to steal my $1,200 iPhone.
Appears fake to me. There is no unlock animation before he swipes up.
I don't think the actual stealing of the phone is of importance, rather getting access to the information on the phone. Especially for influential people.
One thing that struck me in reading the Wired article of this, http://bit.do/FaceIDCrack, it questions whether someone dead will be able too trigger an unlock. Maybe Apple did this as a compromise to law enforcement that have issues accessing dead folks TouchID?
The story about their success omits the fact that the phone would automatically lock after a few failed attempts or 48 hours (whichever comes first) and it took them over a week to successfully create a mask that would fool the sensor, and that was with access to the person whose face they were replicating.
Yea not sure why people get worked up over this. Specialized lab, with access to persons face, to recreate said persons face will obviously fool and unlock any biometric system. Re-creating a persons fingerprint was pay easier to do with Touch ID.
The video has a loophole. He didn't show how he taught his face. It means he could teach not his face but the mask, or he could teach both. Since iPhoneX learns whenever it is being unlocked, both face can be taught.
Interesting hint. I don't have the X yet, but is it possible to deactivate the unlock animation?
Not that I am aware. I would think you would have to jailbreak it at the very least to accomplish that.
nope, if there is I can't find the setting because I'd love to get rid of having to swipe up
This is the type of thing that only a government might attempt. If you are a spy then just use the passcode.
On the one that I posted I think so. In the beginning of the video she talks about it not unlocking unless she looks at it. It could have been turned off for the mask and/or twins test.
I had watched the WSJ video in the past, not interested in the click bait video related to this, and The Verge’s coverage. Like others had mentioned, it is relatively trivial to hack TouchID too. In fact, the same method they used on Mythbusters to get into the Laptop & door biometrics also workes on TouchID.
Do you think the data on your phone is worth more than $10,000? If you use apple pay for example, wouldn't all your payment info be in there? And chances are if you use a $1000 phone, you have more than $10,000 to lose if someone got your payment information or bank accounts. All your photographs are there, hopefully you don't take any risqué pictures of yourself, would be a shame if those got out. All your contacts. Etc.
My point is just because the hardware is only worth $1000 doesn't mean the information on it doesn't multiply that quickly.
It doesn't need to be fake, the "trick" is obvious - he setup Face ID with his face, then pointed it at the mask a few times and entered his passcode, training Face ID to recognize the mask as himself.
I call BS on that video as there was no unlock animation on the padlock before he swiped up. Besides the amount of effort, time, equipment and co-operation required if it was actually possible is unrealistic in a real world scenario. Take away any of those 4 things and it's practically impossible to achieve. I am more than happy with the security of Face ID and so are my banks and credit card companies.
Last edited:
But he also used his face in the video to unlock
[doublepost=1510589953][/doublepost]TouchID requires physical access to your victim's fingers to coly the print.
It's possible to create a 3d model of a person's face from pictures.
Hilarious that once it's pointed out how hackable the X is, MacRumor user responses: I won't watch the video, I don't have important stuff on my phone, There have been worse breaches
[doublepost=1510590073][/doublepost]https://forums.macrumors.com/threads/face-id-bypassed-by-a-mask.2087466/
It's about your data. If they can get into your financial apps and transfer funds for instance, that's worth a lot more. Or even pay for products using your saved credit card or Apple Pay information.