Apple FaceID Hacked

It only took a week:

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.

The article points out that the hack hasn’t been independently confirmed, but I have no doubt it’s true.

I don’t think this is cause for alarm, though. Authentication will always be a trade-off between security and convenience. FaceID is another biometric option, and a good one. I wouldn’t be less likely to use it because of this.

FAQ from the researchers.

Tags: , , , ,

Posted on November 15, 2017 at 6:54 AM46 Comments

Comments

me November 15, 2017 7:21 AM

biometric seems always the best/most secure option. but i don’t think so…
for example we have a thing called “facebook” that is an open database with the face of everyone. ok, not 3D, but if people can clone keys from a photo i think it can be done with a face too.

i think that touch id is much more asy to use and useful compared to face id.

Weirdo Wisp November 15, 2017 7:32 AM

I would prefer a combination of biometrics (face or fingerprint) as “user ID” plus the usual short 4 to 8 digit PIN as “password”. This would be as fast as the PIN method alone, but much more secure.

As far as I know it is not possible to combine those methods on Apple’s iPhones or Android phones from Samsung, Google, or other vendors.

For “normal” (not security-conscious) people, FaceID or TouchID seems to be better than a short PIN – or no PIN at all.

GJ November 15, 2017 7:40 AM

The problem a have with biometric technology like this is that the false positive rate is not published, nor configurable. I don’t think the provider has any incentive to provide a low false positive rate, because it will expose the actual (low?) Precision. Basically, I have no way of knowing how good this face recognition implementation is.

Steve November 15, 2017 7:47 AM

Martin “Rollin Hand” Landau in the old “Mission Impossible” teevee series could have done it in five minutes.

225 November 15, 2017 8:02 AM

But I thought they check to make sure your eyes are open. /255 now madly tries to find that calvin and hobbes cartoon where he sticks ping pong halves over his eyes so it looks like he is paying attention in class.

Tatütata November 15, 2017 8:34 AM

@225: you’re not trying hard enough, the ping pong balls even pops-up as a G**gle autocomplete suggestion while you type!

Next iteration: get a chip implanted in the face of the user, and implement an RFID reader in the device.

Or perhaps somehow check that mask has warm blood flowing into it, with a pulse, and that pulse is synchronous with the pulse of the hand holding the device? Or add a visual password, i.e., the phone asks displays a random grimace for the user to reproduce? That one might help against coercion, or having your squeeze flash your phone over your face while you sleep.

Wasn’t there a similar stunt by the CCC with the fingerprint record on the German biometric ID-cards? I kind of remember that they managed to fake the thumb of that buck-toothed nincompoop of a minister for the interior…

Wayne November 15, 2017 9:30 AM

Granted, this is a third-party attack, which may or may not work. Here’s a video of a 10 year old boy picking up his mom’s X and it unlocked for him. She re-registered her phone, it stopped – for a while. Then it started unlocking again. There’s something hinky going on, something about the phone updating the registration if it fails to ID.

Wired article & video

Alejandro November 15, 2017 10:07 AM

I read somewhere facial ID is the golden fleece of a ‘Global Identity’. No language barrier, indeed no card at all required, all you need is a face.

Well, back to the drawing board. LOL.

I oppose all biometric identifiers because clearly they are intended to be used by world governments and police for domination and control of the masses, also for the reason noted by Mr. Schneier, they can faked, or as everyone knows can be seized by force, including amputation and other dreadful methods. Ick.

Alejandro November 15, 2017 10:28 AM

@Wayne

Re: “…something hinky going on, something about the phone updating the registration if it fails to ID…”

Maybe so. Maybe facial ID data point values are not static, and not unique. Doesn’t our face change shape and appearance substantially with age? Will a person at 8 years old, 18, 28, and 88 years still have the same features according to the ID algorithm?

Maybe, the phone must update the ID constantly and thus a “young” user and “older” user have a different ID value.

Meanwhile, Apple facial ID isn’t doing that great. It’s slower than a pin or a print and can be easily confused by ambient light and so on. Also, people look kind of foolish using it because they must hold the camera directly in front of them at a certain prescribed distance.

In any case, right now facial ID is at best a beta project.

Tatütata November 15, 2017 10:54 AM

Maybe, the phone must update the ID constantly and thus a “young” user and “older” user have a different ID value.

Well, the Uppel Iwhatever ain’t designed to last that long anyway.

Are the reference faces phoned home to Palo Alto? That would be creepy…

On the plus side, if someone works on you with rubber hose cryptography, the device is less likely to recognize your face if it is turned into a bowl of marmalade.

Rachel November 15, 2017 11:17 AM

and as readers here probably know, the entity has had other problems – freezing up, or a green line appearing randomly on the screen. oops.

Scared November 15, 2017 12:46 PM

Can’t remember the exact wording in one of the late night shows when they commented on this the other day, but it went something like this: “FaceID has been hacked with a mask of plastic, silicone and makeup, or as we say in LA: a face”

Wael November 15, 2017 12:50 PM

By the way, on a large scale test sample, this is mathematically bound and expected to happen. The only thing that surprised me is the low cost of constructing such masks, if it turns out to be true. Still a good biometric method. And there is an alternative passcode fallback. Nothing forces the user to use FaceID. They got rid of TouchID to utilize the landscape for screen usage.

@Tatütata,

Are the reference faces phoned home to Palo Alto? That would be creepy…

They don’t. At least that’s what their documents say. Relatively straightforward to test. I have a couple of suggestions for them: add skin texture detection and facial heat distribution analysis (in relevance to ambient temperature) as well as subtle facial movement analysis to the algorithms. The sensors are already there.

Wayne November 15, 2017 1:34 PM

@Alejandro:

FeceID is definitely a beta project, or work in progress.

Will a person at 8 years old, 18, 28, and 88 years still have the same features according to the ID algorithm?

How long does the average person keep a smart phone? And in the case of an iPhone X, literally, how long before they drop it and shatter that sucker? I doubt anyone will own an X for more than 3-4 years. Yes, there will be exceptions. I don’t know how much a person’s face will change over 3-4 years, it may depend on what stage of life they’re in. I recall that Apple doesn’t recommend using Face ID for people under a certain age because they’re still growing.

But the question for me is: beyond the iPhone X, what does this mean for automatic face recognition algorithms in surveillance cameras? We suddenly have this massive increase in people adding data sets for programmers to experiment with and refine their identification/recognition routines.

I remember going in to a restaurant in Phoenix with friends. The owner’s wife walked up to me and said “Do you have a brother named [name]?” “Yes.” “Did he go to [highschool]?” “Yes!” I don’t think I look that much like my brother, but she identified me from knowing my brother, and I know that prior to that we had never met.

I’d love to see a Hollywood makeup expert work someone over with an iPhone X and see what they can do to stress the recognition.

For me, I’ll stick with my six digit number to plug in to my iPhone. I use my fingerprint to unlock Amazon and iBooks, but you have to unlock the phone with my PIN first.

Tatütata November 15, 2017 4:26 PM

@Wael,

Thanks for the reassurance, even though I’m nowhere about to get one of these toys. BTW, I should have written “Cupertino” and not “Palo Alto”. I wonder whether this system is sensitive enough to discriminate between identical twins. (I am acquainted with a few, and I’m usually able to distinguish them, but the cues can be subtle).

OT, Re. “FeceID is definitely a beta project, or work in progress.”

There are actually “<a href=’http://www.zeit.de/gesellschaft/2015-06/hundekot-dna-analyse”>FeceID” projects going on in Germany, the UK and US for identifying dogs (and presumably their owners) that soil public property. A cost of 70-80 Euros is quoted for turd DNA sequencing and database storage.

Wael November 15, 2017 4:54 PM

@Tatütata,

I wonder whether this system is sensitive enough to discriminate between identical twins.

Nope.

A cost of 70-80 Euros is quoted for turd DNA sequencing and database storage.

That’s funny! 🙂 At least we’re not charged for storage of our private data at TLA’s databases. Or are we?

MarkH November 15, 2017 6:08 PM

Note: Repost of comment I made yesterday on the original Face ID post

File Under: It Would be Funny, if it Weren’t So Depressingly Stupid

10-year-old boy can unlock mom’s iphone face ID

When the mother set up her face ID in low illumination, he could unlock her phone every time (in the spirit of scientific inquiry, she repeated this). When she used brighter light, he could no longer unlock.

Also, he once unlocked his dad’s face ID, but was not able to repeat this success on subsequent attempts.

It may be a crap security technique … but perhaps an interesting tool for Automatic Detection of Family Resemblance.

I’ve been an Apple skeptic since 1978, and have yet to see any basis for upgrading my evaluation.

Wael November 15, 2017 6:24 PM

@MarkH,

Note: Repost of comment I made yesterday on the original Face ID post

No body bit the first time?

Alejandro November 15, 2017 6:25 PM

@itgrrl

I read one of the links. From that I got:

Face ID “captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of your face and also captures an infrared image of your face.”

Thus any fake face will need to address skin temperature. That doesn’t sound impossible at all.

The 30,000 dots sounds like the 3D issue coming up. Once again, with a 3D printer seems a duplicate is possible.

Also mentioned is the hash changes to accept face changes, even glasses. That sounds like the camera could be trained to be a different face.

Also note, the camera must be held “25-50 cm away from your face” (10-20″) thus bringing up the issue of people doing straight on selfies of themselves to authenticate it, walking down the street etc.

Let me be clear, I am impressed with the technology, but not at all with the privacy and security issues involved with biometrics.

I mean, literally, could not a government official or criminal forcibly hold your face in front of the camera to unlock the device?

Really, WE should resist biometrics as it is another giveaway to the govt, corps and crooks…but what’s the chance? It will be so fun and convenient. They say.

Wael November 15, 2017 6:44 PM

@Alejandro,

I mean, literally, could not a government official or criminal forcibly hold your face in front of the camera to unlock the device?

It has duress capability that allows one to disable FaceID in a hurry.

Tatütata November 15, 2017 6:50 PM

Face ID “captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of your face and also captures an infrared image of your face.”

Thus any fake face will need to address skin temperature. That doesn’t sound impossible at all.

Nope.

The wavelength must be one which the semiconductor sensor can handle, so it would be in the near infrared range (something around 1um). The frequency response is a direct function of the material’s band gap. The detectors aren’t cooled down, and dark current probably WAY too large for heat imaging, but enough for capturing lit scenes as described, i.e., projecting a pattern and recording deducing the shape of the face using photogrammetric principles.

Re: FeceID. Here’s the link I bungled in my first attempt:
http://www.zeit.de/gesellschaft/2015-06/hundekot-dna-analyse

Actually, this subject returned in the news lately. The Bundestag mandated a federal database just before the 2017 election was called, and all owners will have to bring Fifi to the vet to get her jowls swiped. Great.

https://www.koelner-abendblatt.de/artikel/politik/gesundheit/deutschlandweite-hunde-dna-datenbank-vom-bundestag-beschlossen-01291524.html

Found this item by entering “Hundekot DNA”. (and “Hondekop” is a false friend, like “bellen” (DE) and “bellen” (NL)).

Total surveillance for K9s. A prelude for registering humans?

Tatütata November 15, 2017 7:00 PM

OH CR*P!

When I looked at the other headlines, I realized I got fooled by a satirical news site (the second link).

Sorry about that. I was wondering why it wasn’t a uproar during the election…

But there are real news out there.

The Marburg borough of Lohra (pop. ~5500) decided yesterday to create a dog-DNA database:

http://www.op-marburg.de/Lokales/Hinterland/Lohra/Datenbank-wird-vorbereitet-Lohra-sagt-Ja-zur-Hundekot-DNA

You got to begin somewhere…

Clive Robinson November 15, 2017 7:10 PM

@ Tatütata,

Next iteration: get a chip implanted in the face of the user, and implement an RFID reader in the device.

Make it very short range and put the RFID in the forehead for fanbois or lips for deva types.

That way the fanbois will look like they are praying to their “techno god” and the devas well how do I put it tactfully, the way some of them stuff there phones in any available cleavage[1] making them kiss the phone might change their habits.

[1] Any suggestion that Kim K should have the RFID put in one of her buttock implants so she can “swipe in style” will no doubt cause a flurry or two with “Heat readers” or what ever your local Celeb Rag is called 😉

Alejandro November 15, 2017 7:18 PM

@Wael

Re: “It has duress capability that allows one to disable FaceID in a hurry.”

With your hands in handcuffs behind your back or a knife in your ribs? This I got to see!

Wael November 15, 2017 7:43 PM

@Alejandro,

With your hands in handcuffs…

OpSec and vigilance. You gotta do it before they get to you. Anticipation is important — you know, situational awareness!

This I got to see!

You don’t want to see.

Steffen November 15, 2017 7:56 PM

@neill

It could well be “good enough”. Other IDs (passports, for example) get forged all the time, yet they are considered ok for what they’re used for. It’s all about understanding a risk and then spending the right amount of effort to mitigate it.

Face ID is arguably a better solution than a 6-digit PIN that can easily be shoulder surfed by anyone (not just close relatives). Apple claims it also produces two orders of magnitude fewer false positives than Touch ID. They do state that close relatives may be able to unlock your phone in some cases. For iPhone X users this means: test whether your spitting image relative can unlock your phone, and if yes decide whether that’s big enough a problem for you (i.e. you distrust them enough) to go back to a PIN.

Another interesting aspect is the adaptation/learning ability of Face ID. If the phone is successfully unlocked shortly after a failed Face ID attempt then it apparently evolves the facial model it has of the user. This means, if you pass the phone around the family for some fun with trying to unlock it you might well end up with a facial model that accepts most of your family’s faces. This is something Apple will probably looking at fine tuning.

Wael November 15, 2017 7:57 PM

@Tatütata,

When I looked at the other headlines, I realized I got fooled by a satirical news site (the second link).

I would have been fooled too. These days it’s hard to tell apart fact from fiction. Sometimes real news is funnier than satire.

Claus November 15, 2017 11:23 PM

Even I would use face recognition as authentication method. But there is no big interest of any party in the content of my iPhone…which is a bit different to some users: to keep content hidden from others could be important to them, maybe essential for their life…and the protection by face recognition is good, really good, but not perfect. That is the message here to me.

And if there will be means a bit easier to pass face recognition during the coming months, and if it is of highest importance to protect access to my iPhone – hey, I cannot change my face by simple means.

To rely on just biometrical recognition never will be sufficient – it is very convenient and hip, but a second factor (something I know, token) is needed

neill November 16, 2017 1:47 AM

@Steffen

i’m just a bit disappointed that apl put so much engineering and $ into that project, and the user pays such a hefty price for it …

i could rather see a solution where the phone asks the user to grin, smile, raise an eyebrow etc, and speak a random word that flashes on the screen – and then analyzes how the facial muscles work, and the words are spoken (alike deaf people read lips) … would be much harder to copy via silicone mask!

“behavioral security” analysis like citrix does it comes to my mind

Wael November 16, 2017 4:16 AM

@Tatütata,

The wavelength must be one which the semiconductor sensor can handle…

That’s correct. Do we know the specifications of the sensors? If they’re not suitable, then surely we can fit one of these bad boys inside an iPhone (and double its price.) I wonder what resolution this thing has (too tired to read.)

Peter Peter November 16, 2017 10:56 AM

Remember! Technology that forgets is a feature. The argument for me is control over memory, or the state of being awake. i am not paying for technology, i am paying for the promise that it will work as promised. Therefore, i admit: i trust technology with my life because i cannot test everything i use.The alternative of Face ID is having people validate pictures but i can only map about 1500 faces to names, and since i am not very good at finding the exception in the familiar there will be a come back of the assembly line and a shortage of ping pong balls. Augmentation seems to be a solution. Else, we’d also need to start thinking about replacing street lights with people since allegedly, i already trust people with my life-unless they have a 3D printer, and some ping pong balls.

Seth November 16, 2017 11:48 AM

Addressing some of the earlier comments, especially @GJ and @Wael, there are more details from apple support here .

The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID). As an additional protection, Face ID allows only five unsuccessful match attempts before a passcode is required. The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed.

This gives a false accept rate (FAR) of 0.000001%. The false accept rate and false reject rate (FRR) avoids the problems with precision and accuracy. It doesn’t matter how many positive or negative examples are fed to the system, the FAR and FRR should remain the same. For instance, with facial recognition it was probably designed with a high false reject rate (maybe 95% or higher) so that it is very unlikely the registered user will be unable to unlock the phone. The chosen FRR determines the false accept rate, which in this case is also quite high. Since the phone has a limited number of attempts, this is quite good. I wonder how many tries it took the researchers to get their mask accepted?

As for the 10 year old being able to unlock his mom’s iphone, it appears that in some cases the phone will update the profile when authentication fails, provided the phone is unlocked shortly after.

This data will be refined and updated as you use Face ID to improve your experience, including when you successfully authenticate. Face ID will also update this data when it detects a close match but a passcode is subsequently entered to unlock the device.

Kid tries to unlock phone a lot of times, some of those times his mom uses it right after. Or even the kid looks at the phone as he hands it to his parent, face id registers it as a failed attempt but of course the phone is unlocked right after so face id decides to update the database. So, don’t trust this to secure a phone from family members.

chuck November 16, 2017 2:20 PM

I have had my X for 2 days.

Unlocking with face recognition has worked instantly every time I picked up the device, even in very low light conditions. I set it up from a slightly low hand position, which is how it normally gets presented. Never have to stare at it or hold it up to eye level.

Sorry haters, it doesn’t bend either.

John November 16, 2017 3:56 PM

“a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 ”

That’s what they said. You know what I HEARD?

“there’s 7000 people on the planet that can open your phone”

MarkH November 17, 2017 3:48 AM

@Seth:

According to the article, for the two cases in which the mom set up the phone in low light (why illumination matters is an interesting question) …

… reportedly, the youngster could reliably unlock (first time, every time), which seems inconsistent with the hypothesis in which “kid tries to unlock phone a lot of times” by way of “training” the Face ID.

As to the claimed 1:1000000 false positive rate … computer biometric security tests have numerous times been shown to fail orders of magnitude more often than their designers predicted.

NASA top management said (and perhaps believed!) that the catastrophic (i.e., crew-killing) failure rate of the “space shuttle” was 1:1000000

And I remember that during the Gulf War, US missiles were credited with 40+ intercepts of Iraq’s Scud missiles … but MIT’s Theodore Postol made a convincing analysis suggesting that the probable number of successful intercepts was between zero and four.

I’d be interested to see a Face ID error rate assessment by an independent adversarial “red team” organization. What Apple claims? Not so much.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.