Writing at Wired, Andy Greenberg covers claims that hackers have already broken Face ID on the iPhone X:
On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.
First thing’s first: this was inevitable. Nobody’s yet invented the security measure that can’t be beaten. The real question is “how vulnerable is the system?” and, in this case, despite the low cited cost, the chances that this will be deployed against the average person is pretty low. Not least of all because it seems to require several minutes of scanning someone’s face. If you have that much access to someone’s face, there are far easier ways of opening their phones, with or without their cooperation.
But, look, most people are not going to be at risk here, anymore than the average person was at risk from someone duplicating their fingerprint. If you’re a high profile person who’s likely to be targeted by thieves or intelligence agencies, then, yes, you should probably be taking extra precautions, but the rest of us are plenty fine using Face ID, Touch ID, or even a six-digit passcode. But there’s no question that Face ID is tougher than many previous attempts at face-based security.