top of page

iPhone X Face ID - secure or not?



The iPhone X Face ID is hacked:

Multiple sources have successfully gained access to the iPhone X using an artificial face.


If you have not read our previous blog about biometric data, we encourage you to do so at:

https://www.guardianforestsecurity.com/single-post/2017/09/22/Biometric-Data-Introduction


In order for us to begin to understand what is happening to the mighty iPhone's Face ID, we need to study how the iPhone collects and verifies biometric data. By a quick glance at Apple's official description of the technology:

https://support.apple.com/en-us/HT208108


We learned that the iPhone emits infrared (30,000 of them) on your face, captures the infrared reflected from your face using the camera, builds a 3D map of your face based on the data collected, and finally compare that map against the original face to determine access granted or denied.


First thing noticed:

Using infrared reflected by a surface (your face) is technologically impossible to distinguish real face material and material that is used to make a fake face. In order to have a chance to achieve that distinction, one need to at least add microwave to the mix.


Second thing:

The 3D map of the face is created based on the infrared reflected off your face. In essence, the phone calculates distances between your face and your phone on that 30,000 infrared sampling based on the time that each infrared light takes to travel between emission from the phone and receiving by the camera.


Due to the sampling size is quite large, it should be extremely difficult to make a fake face that mimics so well that it fools the iPhone. Here is the third thing that (we think) help with the defeat of the system.


Third thing:

The Face ID feature has to be secure and at the same time copes with inevitable facial changes on the genuine owner: your sun-glasses, your makeup, your facial hairs, etc. The iPhone copes with these changes by (again, we think) accepting a higher margin of verification tolerance. For instance, if a portion of your face's surface is increased by 0.01 mm due to heavy makeup, the phone would still accept that as your real face.


Conclusion:

Is the iPhone Face ID inferior? We think not.


Actually, we think Apple has strike a good balance between user friendliness and reasonable security on the high end.


The situation that the hackers have is unrealistic in real life. Imagine: can someone have you voluntarily sit down and spend hours measuring your face. The hacker then create a fake face, and spend more hours studying your face further to fine tune the fake face. Then after a week of hard work, they can finally hack your iPhone.


This is another example of a technology that is hacked in theory but poses no practical impact.

    © Guardian Forest Security Limited
    Your Personal Security Consultant
    Est. 2017 Hong Kong

    bottom of page