Late last week, a video started doing the rounds showing that Face ID can be “hacked,” if you have a detailed scan of a user’s face, a 3-D printer, and a lot of spare time. The Vietnamese security firm that pulled off the hack, Bkav, has decided that this means Face ID is “not an effective security measure.”
But there’s really no need to freak out, or disable Face ID. Sure, Apple’s facial scanning system can be defeated, but only with a particularly bizarre set of circumstances and specialist knowledge. Like every other security system in the world, it has flaws. You just don’t need to worry about them.
Wired has more details on how Bkav tricked Face ID, and exactly what was required to defeat the system. “The researchers say they used a handheld scanner that required about five minutes of manually scanning their test subject’s face,” Wired reveals. Scanning someone’s face in that much detail without their knowledge or consent is nearly impossible. We’re getting into the improbably realm of Mission Impossible-esque rappelling into a sleeping person’s bedroom to scan their face — which, sure, is possible, but seems like a lot more work than most people are willing to do in order to unlock a phone.
Face ID is not designed to be an infalliable system that can’t be broken under any circumstance. It just has to be better than the alternatives, which in this case, are a 4-digit passcode, and Touch ID. A passcode can be beaten with a tiny amount of prior preparation, like using a hidden camera to film it being entered. Touch ID can be fooled by taking a user’s fingerprint (easy to do off something like a glass or door handle) and then making a mold.
So sure — Face ID can be beaten, given the right set of circumstances, skills, and time. But for the time being, the most effective way to beat the system is going to be the threat of violence (unlock the phone or I shoot you!), or simply having the phone grabbed out of your hand and pointed at your face.