Is there a way to hack Face ID? So I guess it’s possible for someone to get passwords and or passcodes with key logging but what about Face ID? I recently had to prove my ID to a different company and they asked for photo ID and to take a picture rotating your face around the circle similar to how you setup Face ID on iPhone. Is there risk with Face ID?
[Re-Titled by Moderator]
iPhone 16, iOS 18
Details:
Whoever wanted you to prove your ID with that routine probably shouldn’t look at the latest round of generated video, as that’s getting pretty good, as is what can be generated by platforms including Unreal MetaHuman.
As for your question, Apple Face ID includes a laser scan for depth. That’s not so easy to bypass.
Details:
Whoever wanted you to prove your ID with that routine probably shouldn’t look at the latest round of generated video, as that’s getting pretty good, as is what can be generated by platforms including Unreal MetaHuman.
As for your question, Apple Face ID includes a laser scan for depth. That’s not so easy to bypass.
Do you think someone has physical access to your device? Face ID data is stored locally, and you would be the absolute first to have that data compromised through any picture, even if modeled in the same way as the set up procedure. If that was possible, it would be the top story of every news network and you would be hearing about it for at least a week in Prime Time. You cannot remotely access the phone with Face ID, so not sure who this different company is or how you think they can access your phone.
It is also not clear what key logging you are referring to that would even be able to get your Passcode. If your device has not been jailbroken, you also do not have a key logger installed on the iPhone. Certainly you can inadvertently give that Passcode to someone else through a phishing message or someone may be able to guess a Passcode if it was 1111 or 1234, but for anything else the device will lock due to failed attempts.
Face ID data is stored locally on your device encrypted in the Security Enclave. It is nearly impossible for someone to fake Face ID with a look alike or paper photo of you since it uses your face to generate a unique cryptographic hash.
Read more about Face ID, security, and the odds of a lookalike opening your phone.
About Face ID advanced technology - Apple Support
Face ID is VERY secure, uses millions of points to map your face using the True Depth Camera. We have seen reports of siblings who share very similar facial features be able to open a siblings phone, but this is very rare and not something most of the population need be concerned with. You cannot use a photo of someone to open someone's phone as a photo is not 3 dimensional. I wouldn't lose any sleep worrying about the security of Face ID.
even if the company created a 3d model of your head using that face scanning data, Face ID does other checks such as liveness checks. A quick summary of this is checking for
subtle movements, skin textures, and using infrared cameras.
Face ID is secure. In the past there have been experiments with advanced movie grade masks of individuals faces used by others to try and fool Face ID. There have been experiments with identical twins, etc. You get the idea….
But for sake of answering your question grounded in the real world and not some 1% scenario…. Yes Face ID is secure and you shouldn’t worry about it nor lose any sleep.
Of course as with most anything in our world, Face ID isn’t invincible and 100% unable to be defeated…. As I am sure Apple itself will say and agree.
NNJM wrote:
Face ID is an independent chip and cannot be attacked
Secure Enclave is an independent processor embedded within the main system-on-a-chip, and is not impossible attack, but its internals (running secOS, based on seL4) and particularly its external interfaces are deliberately designed to be more difficult to exploit.
Given the budgets and access OPs perceived adversaries necessarily have, I’d not rule out the possibility of security exploits.
As for Apple chip security in general, older A-series chips including A11 and earlier do have known hardware faults and do have exploits.
Related details:
Shel7585 wrote:
Thank you for your reply. Curious if other companies have access to obtain unique cryptographic hash of your face, if the non obtained Apple recording could ‘unlock’ your iphone.
So given you are the target of an immensely capable and well-funded adversary with deep access into Apple, Apple staff, and its hardware, firmware, and ML models, you will probably be best served by isolating or eliminating most of your complex hardware, and by reviewing your operations and procedures with and isolating your most sensitive data.
This elevated risk and value to immensely well-funded adversaries also means you and your usual locations and your possessions are subject to what can be more economical attacks, including physical breaches of your security, implanted cameras and recording devices, and intercepted (and modified) purchases.
This physical access also inherently involved in utilizing biometric backdoor of your concern. They need the device access, and they need the biometric match in physical space.
Or they have deep access, and “just” nerfed the entire TrueDepth system, which is a “why bother?” exploit, given everything else less protected than what’s in the Secure Enclave is likely also modifiable; a complete compromise of iOS and device security. (Which to be clear is within the realm of possibilities for current hardware and iOS, but the funding involved here means your adversary is correspondingly well-protected legally, and with many other options for exploitation beyond this (hypothetical) biometrics bypass.)
Get your entire security reviewed, if a Facebook ID bypass is within your risks.
This is a legitimate question. I wondered this myself once after I performed face recognition for a different platform. But then I thought, they would still need my physical phone to perform to Face ID request. Long story short I think it is highly improbable and I don’t worry about it anymore
MrHoffman wrote:
MrHoffman wrote:
Get your entire security reviewed, if a Facebook ID bypass is within your risks.
I just love Apple Intelligence and its new randomized word-completion function. 🙄
I just figured you were hitting the Bloody Mary's too early!
lobsterghost1 wrote:
MrHoffman wrote:
MrHoffman wrote:
Get your entire security reviewed, if a Facebook ID bypass is within your risks.
I just love Apple Intelligence and its new randomized word-completion function. 🙄
I just figured you were hitting the Bloody Mary's too early!
Alas, no.
Apple Intelligence is somewhat a mess, and its word completion works well right up until it doesn’t.
“Until” here just became “untie” too for instance, and its “its” and “it’s” efforts all too often wrong.
I’m having to learn and adapt to spotting different sorts of typos, and the LLM model is most definitely not (yet?) tuned and adapted to my vocabulary and phrasing.
No alcohol involved.
MrHoffman wrote:
lobsterghost1 wrote:
MrHoffman wrote:
MrHoffman wrote:
Get your entire security reviewed, if a Facebook ID bypass is within your risks.
I just love Apple Intelligence and its new randomized word-completion function. 🙄
I just figured you were hitting the Bloody Mary's too early!
Alas, no.
Apple Intelligence is somewhat a mess, and its word completion works well right up until it doesn’t.
“Until” here just became “untie” too for instance, and its “its” and “it’s” efforts all too often wrong.
I’m having to learn and adapt to spotting different sorts of typos, and the LLM model is most definitely not (yet?) tuned and adapted to my vocabulary and phrasing.
No alcohol involved.
I don't use writing tools at all. If something I post is messed up, it's my brain exclusively messing it up!
MrHoffman wrote:
Get your entire security reviewed, if a Facebook ID bypass is within your risks.
I just love Apple Intelligence and its new randomized word-completion function. 🙄
Face ID is an independent chip and cannot be attacked
The software will only receive the verification result, yes or no, and will not get the hash value or face model.
Can someone fake or hack Face ID to access my iPhone?
