Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150.
Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during its launch event in September this year.
“Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID,” Apple’s senior VP of worldwide marketing Phil Schiller said about Face ID system during the event.
“These are actual masks used by the engineering team to train the neural network to protect against them in Face ID.”
However, the bad news is that researchers from Vietnamese cybersecurity firm Bkav were able to unlock the iPhone X using a mask.
Yes, Bkav researchers have a better option than holding it up to your face while you sleep.
Bkav researchers re-created the owner’s face through a combination of 3D printed mask, makeup, and 2D images with some “special processing done on the cheeks and around the face, where there are large skin areas” and the nose is created from silicone.
The researchers have also published a proof-of-concept video, showing the brand-new iPhone X first being unlocked using the specially constructed mask, and then using the Bkav researcher’s face, in just one go.
“Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it,” an FAQ on the Bkav website said.
“You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face. It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought.”
Researchers explain that their “proof-of-concept” demo took about five days after they got iPhone X on November 5th. They also said the demo was performed against one of their team member’s face without training iPhone X to recognize any components of the mask.
“We used a popular 3D printer. The nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition 9 years ago). The skin was also hand-made to trick Apple’s AI,” the firm said.
The security firm said it cost the company around $150 for parts (which did not include a 3D printer), though it did not specify how many attempts its researchers took them to bypass the security of Apple’s Face ID.
It should be noted that creating such a mask to unlock someone’s iPhone is a time-consuming process and it is not possible to hack into a random person’s iPhone.
However, if you prefer privacy and security over convenience, we highly recommend you to use a passcode instead of fingerprint or Face ID to unlock your phone.