"To get into his phone..."
"...I will become him."
"If you're Sean Archer, then I must be," *click* "Login successful," "Castor Troy"
iPhone X FaceID Can Be Fooled By a Mask
- Thread starter digitalrelic
- Start date
"...I will become him."
"If you're Sean Archer, then I must be," *click* "Login successful," "Castor Troy"
Write an app for snapchat that does this and people will probably do it for you.
I have no idea if this would actually work
If you can make a fingerprint cast, you can fool touchID. It's no different from faceID or any biometric lock. The question has always been whether the difficulty of fooling touchid/faceid makes it prohibitive for people to target the average person. If you're someone of importance that's a difference story and you probably shouldn't be relying on this alone.
I mean, people aren't keeping top secrets documents or w/e on their iPhones are they? Like I can see some espionage shit being used for a high profile stolen phone, but uhh, I don't think commercial phone companies are responsible to make your data secure in that regard. I think that's what security companies are for.
If anything, this mask seems more difficult to produce than a fingerprint cast.
But yes. Lets get this out of the way. Apple fucking sucks it's not secure enough to hide my nude pictures from my neighbor who will use a 3D printer to recreate parts of my face.
If anything, this mask seems more difficult to produce than a fingerprint cast.
But yes. Lets get this out of the way. Apple fucking sucks it's not secure enough to hide my nude pictures from my neighbor who will use a 3D printer to recreate parts of my face.
I do think this thread title is a tad disingenuous and underselling the feat here. lol
TouchID was cracked in less than 48 hours.
TouchID was cracked in less than 48 hours.
It plays into situations like this: https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute
Facial ID scanning is inherently less secure than the 4-digit pin, for all the reasons explained in this topic. They don't even need you to be present to 3D scan your face to gain this type of unlock, an AI using multiple pictures of a subject could likely do the very same (i.e. construct a recreation of the shape of your face, then 3D print it out to be depth sensed).
This isn't a problem of security regarding your friends drinking and grabbing your phone at the bar.
But you can train FaceID to only recognize you when you stick out your tongue or give a weird face.
That would add a layer of security that would be very difficult for a simple mask.
That's true machine learning can recreate a face easier than a fingerprint because access to pictures online. But overall my idea is that Apple is not responsible to make data that secure. If they can protect your phone from snooping coworkers or family members, and if your phone gets pocket-picked off you, it needs to be secure enough that some amateur can't use your credit card from Apple pay, those things are good enough. Overall, anyone can hack your debit card at a gas station, or pinch your wallet out of your pocket and empty your cards. The phone is already 1000 times more secure as a wallet with features like faceID, touchID, find my iPhone, lock and sound an alarm on your phone from a distance.
If I wanted to keep my phone secure because I'm a spy or something I would use a custom passcode with total of 16 characters including numbers and special characters and call it a day. Try using a brute force attack on a 16-character anything goes password lol. Gonna take thousands of years in parallel. FaceID and touchID are enough for 99.9999% of the population.
Apple, and their customers, disagree. Thats why this is coming to light -- one of the claims about the move to facial ID is that it was more secure than touch id. Groups reporting how they can break said security systems is important, because by Apple's own claims, the privacy of their customers is their responsibility.
Fair enough haha. I can't argue against having better security and features in the future, or what's claimed to be right now!
What about when their claims are nonsense and fail under scrutiny?
It's easier to get a selfie than clean prints, and I imagine they can cut cost down further by gaming the algorithm. Even more problematic is similar looking siblings have reportedly been able to trigger it. It also seems to false negative more than touch ID from what I've been hearing. A very poor look for Apple.
That's not really the point though, the point is that it isn't as secure as Apple claims. It's shameful, imo.
You'd think the "hackers" would be willing to answer basic questions about what they did. Unfortunately they aren't, so they come off as con artists instead. There's little reason to take their word about this.
Also, even if we granted their claims, how does this prove it isn't more secure than TouchID?
I agree but the finger print has been done too (but with much more effort). I remain unconvinced for both of them. Still use a PIN number personally.
It is getting easier every year to reproduce a 3D model from different photos thanks to deep learning algorithms so it is definitely an issue.
But what if I make a mask of someone else and use the mask as my face ID. Then no one would know who I made the mask of cause they think it's me they're trying to make a mask of
If you know how this technology works, then what they did is obvious.
Face ID isn't a revolutionary security feature, it's a feature which technically sacrifices some degree of security for convenience. For the vast, vast majority of people the level of security is still well adequate. For those who personally dislike the sacrifice in security, or are high profile enough to need extra security, passwords remain an option.
Of course this discounts a number of very real factors. People don't like passwords and pins because they have to remember something, its slower, and practically speaking it's less secure for the average person as your mate Dave is going to be able to see and abuse your pin pretty easily if they care. Dave's not gonna 3d print your head though. In that sense, for a majority of the populace, it is more secure. Even if on a technical level it is less secure as you discount practicality in hacking and only account for feasibility.
Regardless, there's really no reason for a kerfuffle.
Of course this discounts a number of very real factors. People don't like passwords and pins because they have to remember something, its slower, and practically speaking it's less secure for the average person as your mate Dave is going to be able to see and abuse your pin pretty easily if they care. Dave's not gonna 3d print your head though. In that sense, for a majority of the populace, it is more secure. Even if on a technical level it is less secure as you discount practicality in hacking and only account for feasibility.
Regardless, there's really no reason for a kerfuffle.
Yeah? I've read the article, and the kinds of questions they are asking belies a complete lack of how these technologies work. Like when they cite apple claiming that the phone sources additional training data for the convolutional neural network from repeated scans of the face? Uh, so? Of course it does, that's how a deep learning application like this would work. That in no way would disqualify a mask.
In other words, your attempt to appeal to authority isn't a killer as you think it is.
It would provide the proper context. Is the mask a concern in reality, where learning is a factor, or only in a fake situation where the Face ID is taught the mask over time or even set up to use the mask to begin with? Dismissing these is ridiculous.
They are dismissed because they misunderstand the point of learning in the first place. The reason they "learn" is because a person's face is not unchanging nor would the scanning be from the same exact angle each time, which is what necessitates convolution in the first place. The training data they are receiving, from the perspective of the computer (or phone), makes different faces appear more uniform to make identification easier, which grants a greater percentage of false identifications. Using a mask wouldn't make this process easier.
Which, again, belies an understanding of how the process works in the very first place. The questions they are asking aren't damning.
"Did they train with the mask" is the question. They also want to know how the created the mask (did the owner help? Pictures? What?).
No one is arguing about what's theoretically possible. Obviously an accurate copy of a face will work. What people want to know is if they need to worry about this in reality.
Again, it doesn't matter because training without a mask would make the ID system more prone to false ID, not less.
How they made the mask is also not important, especially when you know how these types of systems check for. As time goes forward, making these kinds of masks with AI will become more trivial and more accurate.
In reality, yes, it works. Thats why people are talking.
Ok so the "victim" actively participating in the creation of the mask to defeat this security means it works in reality?