Skip to content

Face ID tricked: should you be concerned?

  • by

Not for the first time, Face ID – the facial recognition scanner built into iPhone X – has been fooled by a complicated replica of a human face. This time with attention detection activated, which in theory should add an extra layer of security. It won’t be the last we hear of this sort of biometric deception, as the internet loves a scare story almost as much as it loves dissecting everything Apple does. But the real questions is: does it matter?

For the average consumer we’d argue that no, it doesn’t matter. In fact, unless you’re an infamous spy or a head of state, you can probably chill out. The mask created for the deception in the news right now is extremely elaborate. It cost around $200 to create using a 3D printer and various other tools, and was only possible because the device owner made a detailed scan of his head from all angles using a professional camera setup. Has anybody papped you against your will with a circular rig of interconnected cameras lately?

The video proves that, under a very specific set of circumstances, it is possible to trick Face ID into unlocking for a mask rather than a human face. But in the real world? Any would-be thief would need unchecked access to your face, the iPhone itself, and a considerable arsenal of tools, skills, and effort. We’d be surprised if these kind of attacks happened at all in the real world, much less to random individuals. If you’re worried about a smaller-scale attack, such as being forced to unlock your device by looking at it, you can quickly disable Face ID on the iPhone X by holding the power button and either of the volume buttons for a couple of seconds.

If you’re keeping state secrets on your device, you probably shouldn’t be using biometric authentification anyway. A strong alphanumeric password is miles more secure than any other method of locking your phone. For the rest of us, though, the convenience of Face ID or Touch ID far outweighs the risk of an elaborate biometric subterfuge.

Further reading: can siblings and twins trick Face ID?