Why not? There's no technical reason why the touch or face sensor needs to be trusted. The actual security processing happens in the secure element. The sensor is just an input device.
That doesn't prevent a malicious FaceID chip from recording and replaying sensor output, allowing a backdoor to unlock the phone, or a variety of other attacks.
Oh oops, I didn't read carefully enough. Regardless, I think if you're interested in real security, both TouchID and FaceID are terrible (easy to use your body, by force if necessary, to bypass those), and passcode is the only secure option. FaceID and TouchID are just conveniences not affordable to those who have something to lose.
You can be scammed into entering your password into a random textbox and then relayed on the actual website/app. This is too basic. In case of FaceID/TouchID, the acquiring platform (your mobile phone) has secure device binding and FaceID/TouchID is a local authenticator on that device to use that secure device binding to authenticate. If FaceID/TouchID becomes fakeable, we will move on to some other more secure local authenticator. The point is, you have a rich multi-sensor mobile device as your authenticator.
> Also sometimes I need to change them (if they get compromised, if computing progress made them easier to bruteforce, etc.), and I don't really want to have to use cosmetic surgery when that happens.
That's not how it works. Each hardware device that acquires your FaceID or TouchID (or Iris ID etc) do it in a way that's unique to them. Even mission impossible style face mask can't fool these modern FaceIDs. Like all things in security, it is a game of making it really expensive to break it and not really about it being impossible.
I'm not saying it's realistic, but one could theoretically replace the sensor with a fake one that always returned the same data. That would allow the user to re-setup face ID and let unknowingly let any intruder in.
Not sure how "fooling" comes into play. Only trusted applications can request to use Touch ID/Face ID in the first place. It's not like there's a way for a random application to just say "Scan your face and let me take over your machine"
The rumor mill suggests that the face detect is used for authentication, and is there because Apple hasn't been able to get the fingerprint sensor to read through the screen, and they need a quick-unlock feature like TouchID.
I hope it works - I rather like TouchID and would be disappointed to have it replaced by something crappier.
I'm not pleased with the security aspect of face id though. I get that touch id is not highly secure either, but I'm more confident in it and it does not require looking at a phone to unlock.
I'd take a touch sensor on the back of the phone like is common on android devices over face id any day of the week, by the time the phone is level with your face it's already opened.
I agree but keep in mind that this same principal applies to TouchID, which is what FaceID is replacing. FaceID is so much better than TouchID in so many aspects. Less false positives, it works even if your fingers are wet, and it's a natural behavior to look at the screen.
Both TouchID and FaceID is trying to protect from complete stranger. I know that with FaceID (if it does exactly what the video suggests) it will be a harder challenge to unlock.
You're wrong to say that the element of security it provides is low because, even with this workaround, you still don't have access to the data on the device. All this "workaround" does is keep the chain of trust from the original device. You'd still need to be able to unlock the device in order to get anything from it. It doesn't reset the FaceID information or bypass it in any way.
reply