iPhone Face ID not fooled in fake head test as Android rivals fail

Posted:
in iPhone edited August 2020
A 3D-printed head has shown that while Apple's Face ID is a secure biometric authentication system, other facial recognition systems used by Android-based smartphones are able to be fooled and unlocked by the fake cranium.

A 3D-printed head used to test smartphone facial recognition systems (via Forbes)
A 3D-printed head used to test smartphone facial recognition systems (via Forbes)


While facial recognition has been around for some time, the arrival of Face ID on the iPhone X prompted the biometric authentication type to become more commonplace. While more popular to use, Android versions don't use the same TrueDepth camera array and 3D-scanning technology as Apple, with the use of a single 2D image potentially making them susceptible to attack.

A recent test of four Android smartphones and an iPhone X was recently performed by Forbes, to try and fool the face-based security systems using a replica head. Produced by the UK-based Backface, a subject's head was created into a 3D image that was then 3D printed to life-size proportions using gypsum powder, at a cost of around 300 ($380).

For each test, the smartphones were registered to the real head of the subject, before being tested against the fake version. Notably, while the Android smartphones were all able to be beaten by the plastic face, the iPhone X was the only device on test to successfully prevent access in all instances.

The iPhone X was tested alongside the LG G7 ThinQ, the Samsung S9, Samsung Note 8, and the OnePlus 6.

The LG's initial test opened up straight away, though it is noted there was an update where LG improved the facial recognition system. After the update, it was much harder to unlock with the fake head, but it was possible under the right lighting conditions. The OnePlus 6 also opened relatively quickly.

The Samsung S9's facial recognition was defeated after multiple attempts, with varying angles and lighting, but its iris recognition system wasn't able to be beaten. The Note 8 offers two speeds of facial recognition, with the quicker option obviously less secure, but both were able to be beaten with some adjustments to the environment.

It is notable that, in the case of LG and Samsung, warnings are provided to the user about the facial recognition making a device "less secure," and that it could be unlocked by people or objects that resemble the user.

While most Android devices use a single camera lens for facial recognition, Apple's Face ID produces a depth mask of the user's face, providing a true 3D representation for authentication that is less easily fooled by printouts and other simple attempts to defeat it. At the iPhone X's launch, Apple also claimed it worked with professional mask makers and makeup artists in Hollywood during its development, and produced its own masks to train the onboard neural network.

That said, Face ID is not entirely unbeatable, as shortly after launch, two elaborate masks were able to defeat it, including one that cost just $200 to produce, but considerable effort and knowledge was required for its creation. It is also possible to be fooled by identical twins, and in one case, by one user's 10-year-old child with a familial resemblance.
cornchip
«1345

Comments

  • Reply 1 of 83
    MplsPMplsP Posts: 3,911member
    One more for Apple! I guess Android is improving - at least it takes more than a photo to trick it now. 
    That said, Face ID is not entirely unbeatable, as shortly after launch, two elaborate masks were able to defeat it, including one that cost just $200 to produce, but considerable effort and knowledge was required for its creation. It is also possible to be fooled by identical twins, and in one case, by one user's 10-year-old child with a familial resemblance.
    Bkav came out with those claims pretty quickly, but there were also questions as to whether they were real or not and I haven't heard anything since. I just did another google search and all I found were references to their original press release, nothing after that making me question the legitimacy of the claims.
    edited December 2018 bb-15jahbladeDAalsethflashfan207watto_cobra
  • Reply 2 of 83
    gatorguygatorguy Posts: 24,176member
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
  • Reply 3 of 83
    mcdavemcdave Posts: 1,927member
    So if Ethan Hunt steals your ‘droid, you’re in trouble.
    StrangeDayslkruppedredwatto_cobra
  • Reply 4 of 83
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    williamlondonStrangeDaysmagman1979radarthekatwatto_cobrajony0
  • Reply 5 of 83
    tmaytmay Posts: 6,311member
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Apple decided more than a few years ago that they would pursue FaceID even against underscreen TouchID, Maybe it was marketing, maybe FaceID has superior security, maybe FaceID is more convenient. There were plenty of stories about this decision point, but few that had Apple hedging its bet on FaceID.

    Me, I'm waiting for Apple to fold FaceID into the Apple Watch, and other appropriate devices, which would be notably superior to Touch ID, IMO. Not seeing why you care, other than the OP was comparatively unfavorable to Android OS devices.
    edited December 2018 StrangeDayswilliamlondonmagman1979
  • Reply 6 of 83
    gatorguygatorguy Posts: 24,176member
    jdb8167 said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    Apple has never ever even IMPLIED that TouchID is at all insecure, and its users weren't complaining about it either so there was no demand for something else.
    No, IMO rather than for security itself the reason Apple went to FaceID was to allow for a larger screen which is something some percentage of Apple buyers were wanting.  Having to choose one or the other appears to no longer be a technical requirement. As little as a year ago it was. 

    As for the "marketing" comment I made I meant Android OEM's doing so mostly for that reason and not Apple. 
    edited December 2018
  • Reply 7 of 83
    gatorguy said:
    jdb8167 said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    Apple has never ever even IMPLIED that TouchID is at all insecure, and its users weren't complaining about it either so there was no demand for something else.
    No, IMO rather than for security itself the reason Apple went to FaceID was to allow for a larger screen which is something some percentage of Apple buyers were wanting. 

    As for the "marketing" comment I made I menat Android OEM's doing so for that reason.
    For me the benefit is that face ID works much more reliably.  No longer do I have to deal with not being able to get my phone unlocked quickly because i have a wet thumb, just put hand lotion on, the button has a smudge from the last unlock, I'm wearing gloves, etc.  I pick my phone up and it knows who I am with or without my glasses, or sunglasses.

    So for me at least, the product is much more user friendly.  That's the goal of devices like phones...to just work.  
    StrangeDayswilliamlondonrazorpitradarthekatsteveau
  • Reply 8 of 83
    gatorguygatorguy Posts: 24,176member
    tmay said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Apple decided more than a few years ago that they would pursue FaceID even against underscreen TouchID, Maybe it was marketing, maybe FaceID has superior security, maybe FaceID is more convenient. There were plenty of stories about this decision point, but few that had Apple hedging its bet on FaceID.

    Me, I'm waiting for Apple to fold FaceID into the Apple Watch, and other appropriate devices, which would be notably superior to Touch ID, IMO. Not seeing why you care, other than the OP was comparatively unfavorable to Android OS devices.
    Which OP? Both MplsP and I were posting our comments at the same time. I wasn't replying to anything he said (obvious since there was no quote included). 

    Besides, I'm not really understanding why you care who has an opinion to share in an Apple vis a vis Android thread. 
    edited December 2018
  • Reply 9 of 83
    I found it fascinating that the neural net figured out how to recognize me with my CPAP nose pillow mask on. I had to unlock with the code a few times, but after that, it has recognized me probably 80% of the time while still recognizing me without the mask on.
    razorpitradarthekat
  • Reply 10 of 83
    DAalsethDAalseth Posts: 2,783member
    airnerd said:
    gatorguy said:
    jdb8167 said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    Apple has never ever even IMPLIED that TouchID is at all insecure, and its users weren't complaining about it either so there was no demand for something else.
    No, IMO rather than for security itself the reason Apple went to FaceID was to allow for a larger screen which is something some percentage of Apple buyers were wanting. 

    As for the "marketing" comment I made I menat Android OEM's doing so for that reason.
    For me the benefit is that face ID works much more reliably.  No longer do I have to deal with not being able to get my phone unlocked quickly because i have a wet thumb, just put hand lotion on, the button has a smudge from the last unlock, I'm wearing gloves, etc.  I pick my phone up and it knows who I am with or without my glasses, or sunglasses.

    So for me at least, the product is much more user friendly.  That's the goal of devices like phones...to just work.  
    That is the reason I'm looking forward to it when I, someday, update my phone. TouchID works well under ideal conditions but as you said water, lotion, or grease, dirt, sweat, whatever can send me back to typing in a code. 
    williamlondonrazorpit
  • Reply 11 of 83
    Rayz2016Rayz2016 Posts: 6,957member
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    According to Apple:

    Chances of finding an identical fingerprint: 1 in 50,000
    Chances of finding an identical face: 1 in 1,000,000

    So unless you have an evil twin, facial recognition is more secure. It's just the Android implementation that isn't

    So no, it's not just marketing.
    StrangeDaysericthehalfbeewilliamlondonmagman1979AppleExposedrazorpitmacxpressradarthekatjony0
  • Reply 12 of 83
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 

    As someone who lives in a northern climate, being able to unlock my phone without removing my gloves is a pretty big thing. 


    aimbddwilliamlondonmagman1979razorpitradarthekatjony0
  • Reply 13 of 83
    gatorguygatorguy Posts: 24,176member
    DAalseth said:
    airnerd said:
    gatorguy said:
    jdb8167 said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    Apple has never ever even IMPLIED that TouchID is at all insecure, and its users weren't complaining about it either so there was no demand for something else.
    No, IMO rather than for security itself the reason Apple went to FaceID was to allow for a larger screen which is something some percentage of Apple buyers were wanting. 

    As for the "marketing" comment I made I menat Android OEM's doing so for that reason.
    For me the benefit is that face ID works much more reliably.  No longer do I have to deal with not being able to get my phone unlocked quickly because i have a wet thumb, just put hand lotion on, the button has a smudge from the last unlock, I'm wearing gloves, etc.  I pick my phone up and it knows who I am with or without my glasses, or sunglasses.

    So for me at least, the product is much more user friendly.  That's the goal of devices like phones...to just work.  
    That is the reason I'm looking forward to it when I, someday, update my phone. TouchID works well under ideal conditions but as you said water, lotion, or grease, dirt, sweat, whatever can send me back to typing in a code. 
    I've not ever had that issue with a recent touch sensor, dirt, dampness etc hasn't caused a problem. To be fair I don't live in a cold climate so I don't have the problem of gloves or handcreams for relieving winter dryness keeping the sensor from registering a touch event. 
  • Reply 14 of 83
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose
    I hope you're not trying to suggest Face ID is 'just marketing!'

    The entire point of the X and beyond is the new size, dropping the forehead and the chin to get a bigger screen in the same shell size. This was achievable only by using Face ID sensors. As an actual iPhone customer, I love this. I get more space without a significantly bigger phone. 
    edited December 2018 williamlondonmagman1979mike1razorpit
  • Reply 15 of 83
    gatorguygatorguy Posts: 24,176member
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose
    I hope you're not trying to suggest Face ID is 'just marketing!'
    Nope. You didn't read Post 6
  • Reply 16 of 83
    MplsP said:
    One more for Apple! I guess Android is improving - at least it takes more than a photo to trick it now. 
    That said, Face ID is not entirely unbeatable, as shortly after launch, two elaborate masks were able to defeat it, including one that cost just $200 to produce, but considerable effort and knowledge was required for its creation. It is also possible to be fooled by identical twins, and in one case, by one user's 10-year-old child with a familial resemblance.
    Bkav came out with those claims pretty quickly, but there were also questions as to whether they were real or not and I haven't heard anything since. I just did another google search and all I found were references to their original press release, nothing after that making me question the legitimacy of the claims.

    The Bkav claim was obviously a scam to gain traffic/hits. Ars asked them some very blunt and specific questions about how they conducted their tests and they either didn't answer or they provided vague unrelated answers.

    Everyone knows during the enrollment/learning phase of FaceID that if a PIN is entered after a failed facial recognition that FaceID will "learn" by also including attributes from the recently scanned face. So Bkav likely committed fraud by using this method to also learn the mask (in addition to the users face) to get it to work. It's the same as when early tests showed two people unlocking the same device.

    It's funny that nobody has duplicated their results. Any bad press about Apple generates a huge amount of traffic, and someone legitimately tricking FaceID would have found  the "Holy Grail" for Apple haters and would become an instant hero in their eyes. The potential reward for fooling FaceID is substantial, so why aren't we seeing people trying this?
    dewmeradarthekatMissNomerjony0
  • Reply 17 of 83

    airnerd said:
    gatorguy said:
    jdb8167 said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    Apple has never ever even IMPLIED that TouchID is at all insecure, and its users weren't complaining about it either so there was no demand for something else.
    No, IMO rather than for security itself the reason Apple went to FaceID was to allow for a larger screen which is something some percentage of Apple buyers were wanting. 

    As for the "marketing" comment I made I menat Android OEM's doing so for that reason.
    For me the benefit is that face ID works much more reliably.  No longer do I have to deal with not being able to get my phone unlocked quickly because i have a wet thumb, just put hand lotion on, the button has a smudge from the last unlock, I'm wearing gloves, etc.  I pick my phone up and it knows who I am with or without my glasses, or sunglasses.

    So for me at least, the product is much more user friendly.  That's the goal of devices like phones...to just work.  
    Yup. I have Touch ID on my iPad, Face ID on my iPhone, and guess which I have more issues with? Moisture on finger on the Touch ID.
    williamlondonmagman1979radarthekat
  • Reply 18 of 83
    This is as embarrassing and as predictable as the prior generations of iPhone knockoffs that could be fooled with a photo.

    There's no more proof than this repeated pattern that these copycats just don't get security well enough to do it correctly. They are only concerned with following Apple and pretending to be "good enough". 
    edited December 2018 williamlondonmagman1979radarthekatjony0
  • Reply 19 of 83
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member
    Real iPhones are better than the knockoffs.

    In other news.....

    This is as embarrassing and as predictable as the prior generations of iPhone knockoffs that could be fooled with a photo.

    There's no more proof than this repeated pattern that these copycats just don't get security well enough to do it correctly. They are only concerned with following Apple and pretending to be "good enough". 

    Tell me about it? Where's the media uproar over inferior knockoffs? #FaceGate? Class action lawsuits?

    Oh but #EvilTwinGate is a real problem.
    williamlondonStrangeDaysmagman1979jony0
  • Reply 20 of 83
    gatorguygatorguy Posts: 24,176member

    airnerd said:
    gatorguy said:
    jdb8167 said:
    gatorguy said:
    Fingerprint ID has always been considered secure so why the rush to go to FaceID? It seems as tho Apple went down that road in order to increase the screen size with under/in-screen TouchID not yet workable. Me-too Android stuff is silly IMHO.

    If it wasn't broken (as in insecure), and they can build a near-bevelless smartphone by using new tech that allows for under-screen fingerprint sensing why even bother with face-scanning? Marketing I suppose. 
    Huh? Apple has repeatedly claimed that Face ID is more secure than Touch ID. And it works great especially with the new iPad Pro. More than marketing. I haven’t seen an assessment of the security of the new under-screen fingerprint sensors but they are likely somewhat compromised compared to Touch ID 
    Apple has never ever even IMPLIED that TouchID is at all insecure, and its users weren't complaining about it either so there was no demand for something else.
    No, IMO rather than for security itself the reason Apple went to FaceID was to allow for a larger screen which is something some percentage of Apple buyers were wanting. 

    As for the "marketing" comment I made I menat Android OEM's doing so for that reason.
    For me the benefit is that face ID works much more reliably.  No longer do I have to deal with not being able to get my phone unlocked quickly because i have a wet thumb, just put hand lotion on, the button has a smudge from the last unlock, I'm wearing gloves, etc.  I pick my phone up and it knows who I am with or without my glasses, or sunglasses.

    So for me at least, the product is much more user friendly.  That's the goal of devices like phones...to just work.  
    Yup. I have Touch ID on my iPad, Face ID on my iPhone, and guess which I have more issues with? Moisture on finger on the Touch ID.
    How often do you really have TouchID problems tho? I presume they are exceedingly rare. 

    Security-wise I doubt there is a single member here concerned about TouchID on any of their devices being insecure or exposing them to unlocks by a thief, friend, family member, or random stranger.
    edited December 2018
Sign In or Register to comment.