Face ID is certainly a unique feature for a phone because of the technology behind how it works. Based on the technology that Apple uses behind Face ID, Vietnamese cyber security research firm Bkav was able to crack Face ID for a second time using a more elaborate mask and about $150 in materials.
The researchers were able to fool Face ID with a 3D printed mask of the experts face made of stone powder. Infrared images of the persons eyes were printed on paper and glued onto the facial model to trick the iPhone Xs infrared camera into thinking real eyes were looking at it. Pretty clever.
With the first mask, Bkav recommended that VIPs like National Leaders and high profile executives should be cautious about securing with Face ID. After these findings with the new, more elaborate mask, the same firm deems that Face ID is not secure enough to be used in business transactions. (i.e. Apple Pay).
The actual process of being able to achieve what this research firm has is still quite far-fetched. Youll need access to special equipment and youll have to have a high-quality image of the persons face (in addition to undisturbed access to the victim’s device).
Otherwise, the model has to be *really* good. Good enough to fool the device within 5 attempts. After the 5th failed Face ID attempt, the phone prompts for a manual passcode.
Perhaps Apple can add an extra security measure that requires the user to blink while looking at the iPhone X before it will unlock. This feature was introduced in Android Jellybean and was called liveness check. It was still easily fooled but maybe Apples setup with IR cameras will make it much tougher to crack.