
Hackers just broke the iPhone X's Face ID using a 3D-printed mask - _pdp_
http://www.wired.co.uk/article/hackers-trick-apple-iphone-x-face-id-3d-mask-security
======
Pinbenterjamin
I think that post title is a bit sensationalist.

 _The researchers concede, however, that their technique would require a
detailed measurement or digital scan of a the face of the target iPhone 's
owner. That puts their spoofing method in the realm of highly targeted
espionage, rather than the sort of run-of-the-mill hacking most iPhone X
owners might face._

Yes, if you have precise enough tools and can print a face that resembles the
owner's, and you wear that face, you're going to 'bypass' the recognition
software, but are you really 'breaking' it?

You can really see the researcher playing hard to the validity and value of
the work here;

 _Bkav, meanwhile, didn 't mince words in its blog post and FAQ on the
research. "Apple has done this not so well," writes the company. "Face ID can
be fooled by mask, which means it is not an effective security measure."_

I don't know, it's not 'hacking' or even 'breaking' enough to concern me.

~~~
mikejb
I agree with you. Particularly, this sentence is a bit misleading

"Face ID can be fooled by mask, which means it is not an effective security
measure."

It's like saying "This lock can be fooled by key, which means it is not an
effective security measure."

------
MR4D
Clickbait title.

Think about the level of work this requires vs spoofing a fingerprint. It is
much higher and requires much more information.

In other words : if you spend a lot of time and money, you can spoof Face ID,
but it’s a lot easier to do the fingerprint.

For reference, here’s an article (also from Wired) about how they hacked the
fingerprint reader: [https://www.wired.com/2013/09/iphone-fingerprint-
cracked](https://www.wired.com/2013/09/iphone-fingerprint-cracked)

------
leoh
It seems to me they may have trained the phone to recognize the mask as
opposed to training it on a person and creating a mask.

------
StringyBob
'just' in title means Nov 2017.

