When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.
On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.From a security perspective, FaceID (and fingerprint recognition) is a terrible idea. The problem is that it's used for the wrong purpose. Both would be fine as a username replacement - after all, you are you. But they're really, really, really bad ideas as passwords, which is how they're used. They can't be changed if they get compromised (and believe me, that is what hackers world wide are working on because it's the Holy Grail of pwnage). They can be used against your will, by Bad Guys or by Governments.
If you use either of these two things, you should turn them off.