Vietnamese firm trips up iPhone X's Face ID with elaborate mask & makeup

Posted:
in iPhone
A Vietnamese security firm says it has managed to bypass the iPhone X's Face ID system using a mask, in spite of Apple efforts to specifically prevent that deception, but regular users have no obvious reasons to be concerned about the alleged efforts.




The mask combines a 3D-printed frame with makeup, a silicone nose, and 2D images, plus "special processing" in select areas. In a demonstration video, an iPhone X is shown unlocking for both the mask and the person it's based on.

The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops.



During Apple's iPhone X event in September, marketing head Phil Schiller said that the company "worked with professional mask makers and makeup artists in Hollywood" during development, even creating a collection of masks to train the X's neural network.

In practice Bkav-style masks are unlikely to pose a threat, since they would not only be difficult and expensive to make, but require the dimensions of a person's face and detailed imagery.

AppleInsider recently put the iPhone X through a series of tests to see how well Face ID can replace Touch ID.

«1345

Comments

  • Reply 1 of 89
    I'll bet the attention-detection feature is inactive, but still.....
    magman1979watto_cobrajony0
  • Reply 2 of 89
    I call this as total BS, and if not I bet he ID'd the mask and unlocked with real face.
    magman1979patchythepiratewatto_cobraredgeminipajony0
  • Reply 3 of 89
    So it works if someone 3d images your face, that's sorta expected, same for a 3d model of a finger that some have pointed out with touch ID, both require a person to quite obviously try to steal your identity for.
  • Reply 4 of 89
    slurpyslurpy Posts: 4,938member
    "The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. " So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone? Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.
    pscooter63StrangeDaysjungmarkericthehalfbeemwhitemike1Bebecalifotoformatradarthekat
  • Reply 5 of 89
    SoliSoli Posts: 6,175member
    neo-tech said:
    I'll bet the attention-detection feature is inactive, but still.....
    I also question that. At the very least, the status of that setting should be stated.
    StrangeDayswatto_cobra
  • Reply 6 of 89
    thrangthrang Posts: 666member
    does anyone give a crap about this?
    badassbriggssupadav03macxpressbaconstangwatto_cobrajony0
  • Reply 7 of 89
    Yawwwwwn 😴
    watto_cobra
  • Reply 8 of 89
    SoliSoli Posts: 6,175member
    thrang said:
    does anyone give a crap about this?
    I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.
    zroger73muthuk_vanalingamdysamoriapscooter63
  • Reply 9 of 89
    Wow, thats so elaborate schme to steal my 999 phone....by that time you made my 3D face, that phone had been brick already....lost phone. Some company wants to make their names by elaborate schemes to dirt put others, go make names for your self by preventing cyber attacks maybe ill share you my money. 
    StrangeDaysmike1caliRenderdogmagman1979watto_cobrajony0
  • Reply 10 of 89
    SendMcjakSendMcjak Posts: 42unconfirmed, member
    Good compromise -- Apple doesn't have to build a backdoor (so long as Law Enforcement avoids a headshot).
    muthuk_vanalingamwatto_cobrajasenj1
  • Reply 11 of 89
    These types of videos always crack me up. I remember the same thing happening when TouchID was introduced. There are so many unlikely factors that need to come together perfectly for this to matter. Everyone knows the system isn’t full proof but I works well enough for 99% of real, everyday life situations. 
    mike1caliStrangeDaysmagman1979watto_cobra
  • Reply 12 of 89
    jungmarkjungmark Posts: 6,483member
    slurpy said:
    "The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. " So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone? Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.
    Exactly. They are just seeking attention.
    Bebecaliradarthekatmagman1979pscooter63watto_cobra
  • Reply 13 of 89
    I call this as total BS, and if not I bet he ID'd the mask and unlocked with real face.

    Bingo. This is just like all the TouchID hacks. Nobody shows a video of the entire process end-to-end so you have no idea how many times they failed or how they did the device enrollment.
    bloggerblogStrangeDaysradarthekatmagman1979pscooter63watto_cobrabrometheus
  • Reply 14 of 89
    I’m willing to bet that not only was attention awareness disabled, but that they trained the device for the mask too. 

    Think aboht it, they had to build a mask well enough to try to fill it. They build it a bit, doesn’t work, enter passcode, some training ensues. Repeat until you get to where both the person and the mask enable entry. 

    Total BS to even give false attention to these people so that more people will be too afraid to trust the higher security. 
    radarthekatwatto_cobra
  • Reply 15 of 89
    wood1208wood1208 Posts: 1,277member
    For many years, face ID deception will be fun news where all short of methods will be tried to make the media news.
    watto_cobra
  • Reply 16 of 89
    Rayz2016Rayz2016 Posts: 3,169member
    I’m guessing this required a small measure of co-operation from the phone’s owner. 

    Still it does point to another possible point of failure for FaceID:

    What if a pickpocket steals your phone, then shouts, “Hey you!”

    When you turn around, he takes a 3D scan of your face, a picture of your eyes and a mould of your nose, before running off. 

    Now, with access silicon casting apparatus, a 3D printer and a reasonably talented portrait artist, he now has access to your phone until you reach can reach a computer to brick it … which will probably take you about an hour. 


    StrangeDaysradarthekatOferwatto_cobra
  • Reply 17 of 89
    BebeBebe Posts: 49member
    This is just another company seeking attention as one poster said.  Not worried about it.  Can't wait for mine  :s
    watto_cobra
  • Reply 18 of 89
    Rayz2016Rayz2016 Posts: 3,169member
    “Special processing”?

    What is “special processing”?

    These people need to show their working. 
    radarthekatmagman1979watto_cobra
  • Reply 19 of 89
    Like I said this is BS since we didn't see the enrollment process. Even if we ignore all the countless attempts where more accurate masks were built and still didn't work, the iPhone X still beats the Pixel's attempt were I was able to immediately unlock it using a FB profile pic.
    radarthekatmagman1979watto_cobra
  • Reply 20 of 89
    Bkav is just another internet troll looking for attention.  There's nothing to see here...
    magman1979watto_cobra
Sign In or Register to comment.