HACKERS TRICK IPHONE X FACE ID WITH $150 MASK
“It was even simpler than we ourselves had thought”
Security researchers have reportedly developed a mask capable of breaking the Face ID authentication feature on Apple’s recently released iPhone X.
Vietnamese security firm Bkav announced in a blog post Friday that the mask, comprised of 3-D-printed plastic, makeup, silicone and printed photos, was able to trick an iPhone X into unlocking just one week after the device’s release.
Costing just $150 to produce, researchers say the simplistic mask only features aspects of the face necessary to fool the phone’s facial recognition: a silicone nose, images of eyes and lips printed on paper and a 3D-printed frame of the test subject’s face.
Bkav, which called Face ID an ineffective security measure, did admit however that producing such a mask required extensive access to a user’s face.
An artist was used to properly sculpt the nose while sophisticated scanning software was utilized to ensure the accuracy of the face’s shape.
Although Bkav says their research suggests Apple has not taken the necessary steps to develop a more secure facial recognition system, the company stressed that average iPhone users are not at risk of such a targeted attack.
“Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID’s issue,” the company says.
Apple stated during a presentation last September that special effects artists had been tasked with designing numerous masks during Face ID’s development in an attempt to protect against the very hack carried out by Bkav.
WIRED Magazine earlier this month also attempted to bypass Face ID but failed.
— Andy Greenberg (@a_greenberg) November 3, 2017
“With the help of a special effects artist, and at a cost of thousands of dollars, we created full masks cast from a staffer’s face in five different materials, ranging from silicone to gelatin to vinyl,” WIRED’s Andy Greenberg wrote. “Despite details like eyeholes designed to allow real eye movement, and thousands of eyebrow hairs inserted into the mask intended to look more like real hair to the iPhone’s infrared sensor, none of our masks worked.”
Bkav says its success is rooted in its extensive knowledge of facial recognition technology stretching back more than 10 years.
“We were able to trick Apple’s AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it,” the company says.
In 2008 the security firm was able to break into numerous laptops employing facial recognition using only digital images of a user’s face.
Got a tip? Contact Mikael securely: keybase.io/mikaelthalen