Hackers Broke Through the iPhone X Face ID with a $150 Mask

Lena Tucker
November 14, 2017

"Apple Face ID is not an effective security measure", a Vietnam-based cybersecurity firm, Bkav, said in a statement and video on its website.

The smartphone rival admitted the flaw but said that it never claimed facial recognition was uncrackable.

They said: " Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like Federal Bureau of Investigation need to understand the Face ID's issue [sic].

In addition to features such as keeping track of changes in facial appearance, Apple also offers an anti-spoofing software to stop Face ID trickery.

Clearly, these guys knew exactly what to look for in their Face ID-duping efforts, spending plenty of time simulating the features of one of their own.

In the video posted to YouTube one of the company's staff pulls a piece of cloth from a mounted mask facing an iPhone X on a stand, and the phone instantly unlocks. The company states that the best form of biometric security is a fingerprint, and Apple, which has not yet commented on Bkav's 3D printed mask, says that its new Face ID software is not well-suited for twins or children under 13, so it appears that the security measure is definitely not foolproof.

In a potted question and answer, Bkav says it is irrelevant if Apple's Face ID "learns" new images of the face with use.

With the advent of the iPhone X, Apple introduced its disruptive FaceID technology that identifies user's face to unlock the device, replacing the TouchID.

The firm is launching its own facial recognition technology named ZoOm Login which provides ultra-secure face authentication by matching the user via recognition algorithms and verifying 3D liveness via AI.

But despite that, it seems a mask that can trick the iPhone X may already have been created. However many have raised concerns as to how safe is Apple's face ID? Other parts, such as the eyes, are 2D images.

Face ID has to be used about every four hours, or else it'll prompt the person to enter a password. All of this was done to fool Apple's AI-powered Face ID tech.

It took the researchers some attempts to get the mask right in order to trick Face ID, but at $150, around £114, to create the mask, the hack is not massively expensive providing one has the knowledge how to create it to specifically beat facial recognition systems. Users can also remotely disable Face ID if they lose their iPhone.

Bkav did not give details of how long it took for its iPhone X to unlock with the mask.

Ultimately, the company thinks this probably means that regular iPhone X users aren't at a high risk of having their phone hacked into by mischievous intruders armed with 3D printers and fake noses.

Other reports by AllAboutTopnews

Discuss This Article