It usually doesn’t take very long. Whether it is fooling the fingerprint reader or jailbreaking an iPhone, it often comes within hours of a new device or software release. Maybe, in this case, it says that Apple did good because it took a week to break Face ID.
On the other hand, it only took about $150 to do it.
Wired spent thousands trying to create 3D masks and were unable to fool it, but some hackers in Vietnam it on a budget.
In Apple’s defense, they did have to spend about 5 minutes videoing the subject to get good data, but if you are going after a politician or a celebrity, getting 5 minutes of HiDef video will not be a problem.
The first thing they did is take the video and make a 3D printed frame for the attack.
Next they added a silicon nose.
Finally, they 2D printed (like on a piece of paper) the user’s eyes and attached them to the mask,
In the demo, when they uncovered the mask, the iPhone X unlocked.
So much for security on your $1,000 phone.
Probably, for the average person, the level of security FaceID provides is adequate.
But remember, the iPhone X is a status symbol, not a phone. Who is going to buy them are business executives on expense accounts and politicians using other people’s money. Those are great targets for the bad guys and worth, for sure, spending $150 to compromise their phone.
In fairness to Apple, the researchers have not revealed enough details to enable people to recreate this.
In fairness to the researchers, they have presented previous hacks of Lenovo and Toshiba facial recognition at Black Hat.
So, depending on your level of concern regarding the security of your phone, a good old password is likely best. Make it reasonably long and avoid the glitz.
For the billionaires who buy an iPhone X, you might want to reconsider your proclivity for convenience over security and steer clear of FaceID.
Information for this post came from Wired.