The iPhone X comes with a sophisticated 3D facial recognition system that has no rival in the mobile business right now. It’s more secure than Touch ID, almost as fast, and works pretty much as intended — that’s to say there have been no “Facegates” issues to date.
However, the security of Face ID isn’t foolproof. Children can already Face ID into the iPhone X of their parents, and some people have had similar successes with the handsets of their siblings. Hackers also successfully unlocked the phone using a 3D-printed mask, although they haven’t answered all the questions related to their procedure.
A new video now claims to show how Face ID can be fooled with a plaster mask.
Posted online earlier this week on YouTube channel WolfieRaps, the video is a bit on the trolly side. It’s not exactly a scientific kind of show, but the video does prove that 2D images can’t break the Face ID lock.
However, the YouTubers video demo a successful mirror Face ID unlock which seems impossible at first. It turns out that if you hold the iPhone X at an angle while facing a mirror, it’ll be able to measure the depth of your face. I tried it and it works. Of course, this isn’t a real hack, as you do need the iPhone X owner to perform it.
Moving on to the plaster hack, I’ll have to say I’m not convinced it actually works. If it does, however, it’s still something you can’t really pull off. You’ll need physical access to your target’s head, and that person will suspect something’s up the minute you ask them to let you make a plaster mask of their face.
As seen towards the end of the clip below, the plaster mask does work. It does unlock the iPhone. But because the video doesn’t seem to be a continuous recording, there are reasons to suspect something may have happened during different takes that allowed it to happen, and I’m going to quote from Apple’s white paper on how Face ID works:
To improve unlock performance and keep pace with the natural changes of your face and look, Face ID augments its stored mathematical representation over time. Upon successful unlock, Face ID may use the newly calculated mathematical representation—if its quality is sufficient—for a finite number of additional unlocks before that data is discarded. Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance.
In other words, if the iPhone in the video below was unlocked with a passcode, then Face ID may have mapped the mask. For this to happen, however, the mask should have been placed in front of the TrueDepth camera while the passcode was introduced, or soon after it. On the other hand, the video also shows the time on the iPhone, as the screen is mirrored to a computer to record the Face ID unlock success or failure. The successful unlock occurs only a couple of minutes after the first unsuccessful attempts.
Again, the hack does seem to work. But this isn’t the most scientific Face ID hack out there. Watch the entire thing below: