Stop freaking out: Face ID isn't 'broken'

Phillip Butler
November 14, 2017

Vietnamese cyber security firm Bkav claims to have already tricked Face ID using a custom-made a mask-but don't return your iPhone X just yet. Facial recognition has shown its pitfalls in the past, with hackers tricking security by putting a photo over the camera. Bkav admits this openly in a Q & A on its hack, noting that "Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like Federal Bureau of Investigation need to understand the Face ID's issue". The system relies on artificial intelligence. The creation uses hand-crafted "skin" made specifically to exploit Face ID, while 3D printing produced the face model.

Clearly, these guys knew exactly what to look for in their Face ID-duping efforts, spending plenty of time simulating the features of one of their own. Face ID was configured with a real person's face and that the mask was able to fool it.

The composite mask (made of 3D printed plastic and make-up) was able to unlock an iPhone locked with Face ID, the researchers said.

You can see the mask seemingly working in the video below, and interestingly the mask isn't even a full-face replica, with Bkav noting that it only needed details for half the face to fool Face ID. We also found that odd but were able to replicate the unusual behavior on an iPhone X unit Apple provided us. "On the inverse, if security is your priority, until more is tested against Face ID, I'd suggest using only a passcode, all the time". They then put 2D printouts of the user's eyes, upper cheekbones and lips over the mask and added a silicone nose for realism.

It's not clear why the iPhone X was fooled by this less convincing, and frankly extremely creepy mask. Rather than strive for absolute realism, the team built its mask with the aim of tricking the depth-mapping technology.

Face ID has to be used about every four hours, or else it'll prompt the person to enter a password.

The hack was in part successful because Face ID doesn't scan the entire face but focuses on a few features.

In their newly released statement, Bkav has not specified how many attempts it took them to unlock the iPhone X. However they have stated the overall cost of making the mask was around $150.

The new technology has passed nearly all the security tests with flying colours; until a security firm called Bkav allegedly created a mask to beat the FaceID.

The researchers also don't expect such a technique to be used against the everyday iPhone X user.

"This seems like an unlikely sequence of events", Paul Norris, a systems engineer at security company Tripwire said.

Other reports by Ligue1talk

Discuss This Article