When Apple introduced Face ID security alongside the iPhone X, it boasted that even Hollywood-quality masks couldn’t fool the system. It might not be a question of movie-like authenticity, however — security researchers at Bkav claim to have thwarted Face ID by using a specially-built mask. Rather than strive for absolute realism, the team built its mask with the aim of tricking the depth-mapping technology. The creation uses hand-crafted “skin” made specifically to exploit Face ID, while 3D printing produced the face model. Other parts, such as the eyes, are 2D images. The proof of concept appears to work, as you can see in the clip below. The question is: do iPhone X owners actually have to worry about it?
The researchers maintain that they didn’t have to ‘cheat’ to make this work. The iPhone X was trained from a real person’s face, and it only required roughly $ 150 in supplies (not including the off-the-shelf 3D printer). The demo shows Face ID working in one try, too, although it’s not clear how many false starts Bkav had before producing a mask that worked smoothly. The company says it started working on the mask on November 5th, so the completed project took about 5 days.
When asked for comment, Apple pointed us to its security white paper outlining how Face ID detects faces and authenticates users.
Is this a practical security concern for most people? Not necessarily. Bkav is quick to acknowledge that the effort involved makes it difficult to compromise “normal users.” As with fake fingers, this approach is more of a concern for politicians, celebrities and law enforcement agents whose value is so high that they’re worth days of effort. If someone is so determined to get into your phone that they build a custom mask and have the opportunity to use it, you have much larger security concerns than whether or not Face ID is working.
More than anything, the seeming achievement emphasizes that biometric sign-ins are usually about convenience, not completely foolproof security. They make reasonable security painless enough that you’re more likely to use it instead of leaving your device unprotected. If someone is really, truly determined to get into your phone, there’s a real chance they will — this is more to deter thieves and nosy acquaintances who are likely to give up if they don’t get in after a few attempts.
Whatever you think of your dual-camera iPhone, there’s one company that’s less than thrilled. Israeli startup Corephotonics is suing Apple for allegedly infringing on patented technology with the cameras in the iPhone 7 Plus and 8 Plus (it’s likely none too pleased about the iPhone X, for that matter). Corephotonics says it pitched Apple about a potential alliance, only to be shot down and see Apple implement dual cameras on its own. The plaintiff company even claims that Apple boasted it could infringe on patents without fear. Apple’s negotiator said it would take “years and millions of dollars” before the iPhone maker would have to pay if it did infringe, according to Corephotonics’ version of events.
We’ve asked Apple for comment and will let you know if it can provide its take on the situation.
The case may be more complicated than it seems at first. Apple has its own dual camera patents, so it’s clearly been exploring the idea. Corephotonics may need to show that Apple couldn’t have developed the iPhone’s dual cameras independently. Also, it may have to demonstrate that negotiations played out as described. There have been more than a few lawsuits where plaintiffs swore they’d informed tech giants about patents — Corephotonics’ detailed account of this is uncommon, but the court will likely want more tangible proof.
The one certainty is that this isn’t a fly-by-night lawsuit. Corephotonics got into dual camera technology relatively early, and it has worked with big-name partners like Samsung Electro-Mechanics and OmniVision. Whatever the truth, Apple can’t brush this off.
Google has a response for the European Commission’s anti-trust allegations. In a lengthy blog post, the tech juggernaut addressed the EC’s concerns point by point. That starts with the EC’s stance that Android isn’t in competition with Apple’s iOS mobile operating system, and Google citing the Commission’s own research that 89 percent of survey respondents feel that the two are competitors. That last bit is a recurring theme, with Google pointing toward the survey responses for the EC’s stance on Android’s “stable and consistent framework” across devices as well.
In perhaps the most poignant response, Google made a GIF that illustrates how many apps are typically pre-installed/bundled on Android devices versus the competition — something the EC directly called out. By Mountain View’s count, of the Samsung Galaxy S7 with Android 6.0.1’s 38 pre-installed apps, only 11 were from Google. Contrast that with 39 out of 47 on the Lumia 550 from Microsoft and 39 out of 39 from Apple on the iPhone 7 running iOS 10.0.2.
“Android hasn’t hurt competition, it’s expanded it,” Google’s Senior Vice President and General Counsel Kent Walker said in a statement. “Android is the most flexibe mobile platform out there, balancing the needs of thousands of manufacturers and operators, millions of app developers and more than a billion consumers.
“Upsetting this balance would raise prices and hamper innovation, choice and competition. That wouldn’t just be a bad outcome for us. It would be a bad outcome for the entire ecosystem, and — most critically — for consumers.”
And with that, the battle moves onward. Maybe the EC’s stance won’t leak ahead of the next round. Maybe.