Hacker News
by jeroenhd 1123 days ago
When the camera fails you don't exactly have many options because you can't really order the official parts.

Why would the camera be of consequence, though? Isn't authentication data stored in the proprietary TPM thing Apple includes in their devices?

2 comments

> Why would the camera be of consequence, though?

Insisting on an approved camera avoids making it easier for bad actors to stealthily capture a victim's biometrics and then use a third party "camera" to replay that information and unlock the victim's phone without them being present.

Arguably if you anticipate someone targeting you who is capable of attacks this sophisticated, you are very far outside the norm and should probably have an entirely different relationship with your devices than most people.
Couldn't an attacker just swap the sensor? This seems like something that higher law enforcement likely already did.

Also couldn't you avoid this problem entirely by just making the dot projector use a unique pattern for each unlock attempt?

"Couldn't just", might be, probably not. Face-ID is a pretty complex and very highly integrated system. The dot pattern can't be changed, because each dot in the pattern (~100 dots or so) is actually a VCSEL laser. The large constellation (>30k dots) is created by a diffractive beamsplitter. The sensor is probably custom, so I'd wager the CMOS IR sensor is actually physically the thing that's paired to the Secure Enclave. I doubt there's just an unencrypted MIPI link running from some random 1/6" OmniVision sensor to the CPU.
You could just install another camera alongside the existing one and still do that, so that’s not the reason.
Pretty sure the state of the art is just sending a text with a zero click exploit, not mucking about with hardware.
Because the camera represents the analog hole. If you can replace the camera, you can hook the phone up to a computer and feed it pictures of faces instead, until the phone unlocks.
If you find that attack vector so scary, I'm sorry to inform you that it is already possible to prop up an iPhone against a pizza box and have it stare at a screen showing a feed of pictures.

Admittedly you might have to put the iPhone on its side so you can get the charging cable in there, which means you might have to figure out how to rotate the pictures too.

FaceID uses 3D data as well. You can’t unlock it with just a 2D image of a face.
That's a good objection, go tell it to the guy I'm sarcastically replying to instead because it is they that are worried, not me.
Do you have a source for that? Don’t iPhones use a 3D mapping via infrared? 2D pictures don’t unlock my iPhone.