Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I’m terribly frightened that someone will spend $10,000 to design, tool, and manufacture a mask of my face to steal my $1,200 iPhone.

I don't think the actual stealing of the phone is of importance, rather getting access to the information on the phone. Especially for influential people.

One thing that struck me in reading the Wired article of this, http://bit.do/FaceIDCrack, it questions whether someone dead will be able too trigger an unlock. Maybe Apple did this as a compromise to law enforcement that have issues accessing dead folks TouchID?
 
The story about their success omits the fact that the phone would automatically lock after a few failed attempts or 48 hours (whichever comes first) and it took them over a week to successfully create a mask that would fool the sensor, and that was with access to the person whose face they were replicating.
 
Yea not sure why people get worked up over this. Specialized lab, with access to persons face, to recreate said persons face will obviously fool and unlock any biometric system. Re-creating a persons fingerprint was pay easier to do with Touch ID.
 
Doesn’t bother me personally since I’m simply not important enough for anyone to go through that kind of trouble.
 
  • Like
Reactions: brianric
Interesting hint. I don't have the X yet, but is it possible to deactivate the unlock animation?

Not that I am aware. I would think you would have to jailbreak it at the very least to accomplish that.
 
You can replicate someone's fingerprint and gain access to TouchID for a fraction of the cost. Both solutions require you to cooperate with the person to make mold of their fingerprint or gain an accurate 3D scan of their face.
 
Is attention awareness on in any of these tests?

On the one that I posted I think so. In the beginning of the video she talks about it not unlocking unless she looks at it. It could have been turned off for the mask and/or twins test.
 
I had watched the WSJ video in the past, not interested in the click bait video related to this, and The Verge’s coverage. Like others had mentioned, it is relatively trivial to hack TouchID too. In fact, the same method they used on Mythbusters to get into the Laptop & door biometrics also workes on TouchID.
 
  • Like
Reactions: Turtle69Turtle
I’m terribly frightened that someone will spend $10,000 to design, tool, and manufacture a mask of my face to steal my $1,200 iPhone.

Do you think the data on your phone is worth more than $10,000? If you use apple pay for example, wouldn't all your payment info be in there? And chances are if you use a $1000 phone, you have more than $10,000 to lose if someone got your payment information or bank accounts. All your photographs are there, hopefully you don't take any risqué pictures of yourself, would be a shame if those got out. All your contacts. Etc.

My point is just because the hardware is only worth $1000 doesn't mean the information on it doesn't multiply that quickly.
 
  • Like
Reactions: anoobis
Appears fake to me. There is no unlock animation before he swipes up.

It doesn't need to be fake, the "trick" is obvious - he setup Face ID with his face, then pointed it at the mask a few times and entered his passcode, training Face ID to recognize the mask as himself.
 
I call BS on that video as there was no unlock animation on the padlock before he swiped up. Besides the amount of effort, time, equipment and co-operation required if it was actually possible is unrealistic in a real world scenario. Take away any of those 4 things and it's practically impossible to achieve. I am more than happy with the security of Face ID and so are my banks and credit card companies.
 
Last edited:
It doesn't need to be fake, the "trick" is obvious - he setup Face ID with his face, then pointed it at the mask a few times and entered his passcode, training Face ID to recognize the mask as himself.

But he also used his face in the video to unlock
[doublepost=1510589953][/doublepost]TouchID requires physical access to your victim's fingers to coly the print.

It's possible to create a 3d model of a person's face from pictures.

Hilarious that once it's pointed out how hackable the X is, MacRumor user responses: I won't watch the video, I don't have important stuff on my phone, There have been worse breaches
[doublepost=1510590073][/doublepost]https://forums.macrumors.com/threads/face-id-bypassed-by-a-mask.2087466/
 
I’m terribly frightened that someone will spend $10,000 to design, tool, and manufacture a mask of my face to steal my $1,200 iPhone.
It's about your data. If they can get into your financial apps and transfer funds for instance, that's worth a lot more. Or even pay for products using your saved credit card or Apple Pay information.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.