Network security experts have bypassed the facial authentication technology, Face ID, on Apple’s latest flagship iPhone X smartphone using a 3D printed mask.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Vietnamese security company Bkav created the mask in five days using a 3D-printed frame, 2D images, an artist-built nose and specialised processing around the skin areas of the face, at a total cost of $150 (£115).
“With Face IDs being beaten by our mask, FBI, CIA, country leaders, leaders of major corporations, etc. are the ones that need to know about the issue, because their devices are worth illegal unlock attempts. Exploitation is difficult for normal users, but simple for professional ones,” said Bkav in a blog post, where it detailed its discovery.
The company further claims Face ID only needs to see half a face for the technology to unlock the device, which made the process easier for them.
“You can try it out with your own iPhone X. The phone shall recognise you even when you cover one half of your face. It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI [artificial intelligence]. We just need a half face to create the mask. It was even simpler than we ourselves had thought.”
Apple’s latest iPhone uses a so-called “TrueDepth” camera, which maps 30,000 dots on the user’s face per verification. The giant said it worked with mask makers to train the phone’s neural network to recognise false faces, and that Face ID is significantly more secure than Touch ID.
Apple said it has no comment at this time, but cited its support page, which says Face ID’s ability to recognise depth and user attention ensures security. Computer Weekly understands Bkav’s discovery is not being treated as a viable proof of concept.
Concerns about Face ID
A survey from virtual private network comparer Top10VPN.com has highlighted the apprehension towards Face ID.
The research was conducted using 2,048 British adults and found 79% of them prefer to use fingerprints or a passcode instead of face recognition. Furthermore, 60% of the respondents were unconvinced about the technology and 20% said they are put off purchasing the iPhone X because of it. In contrast, 8% felt the need to purchase the new phone specifically for Face ID.
The biggest cause for concern is that businesses will profit from biometric data without the user’s consent (47%) and that it is easier to for hackers (42%). In addition, 61% of respondents were worried about the security of the facial data, a concern which may be a misconception.
Simon Migliano, head of research at Top10VPN, said that whilst the average consumer should not be worried by Bkav’s bypass, it demonstrates that Face ID may not be as secure as Touch ID.
“Consumers’ hesitance to embrace Face ID appears well-founded given it’s taken a security firm only a week to apparently beat it with a cheap mask,” he said.
“While there’s no need for iPhone X owners to start panicking, it certainly undermines claims that Face ID is more secure than the fingerprint technology it aims to replace, which our research shows to be the more popular method of securing smartphones.”