Mask fools Apple iPhone X's Face ID

Share

The trouble with facial recognition is that too many humans have defining characteristics that can not be dissected by a machine-we look too similar.

Bkav did say that attacks would likely be executed on high-profile targets: "FBI, CIA, country leaders, leaders of major corporations, etc. are the ones that need to know about the issue, because their devices are worth illegal unlock attempts", it said. Bkav said that they also kept the fact in the mind that the AI that powers Face ID learns over time.

The mask included a sculpted silicon nose, two-dimensional printed eyes and lips, a 3D printed plastic frame, some makeup, and simple paper cutouts. It's not impossible, but that's an impressive amount of hurdles to jump in a short amount of time without using a password, as BKAV claimed. You can register Face ID on anything with a face, including the mask. Several users have pointed out that the Face ID lock icon at the top doesn't open when the phone is facing the mask. The demo shows Face ID working in one try, too, although it's not clear how many false starts Bkav had before producing a mask that worked smoothly. Now, a Vietnamese security firm called Bkav claims it broke through the Face ID tech with nothing more than a cheap mask.

For most people, according to Terry Ray, chief technology officer at Imperva, a Redwood Shores, California, cybersecurity firm, "Face ID is probably just fine". The biometric software can unlock the phone, log in to a person's apps, and even authorize payments, and after stress-testing the technology with Hollywood-level silicone masks, Apple claims that there is a one in a million chance of another person being able to beat Face ID.

More news: 'Star Wars Battlefront II' Players Outraged Over Progression System, Microtransactions

Apple immediately rejected the report claiming "The quality and accuracy of Face ID haven't changed".

Face ID allows users to unlock their iPhone X by looking at it, then make purchases from the Apple store or conduct other Apple Pay transactions using stored payment card data. That puts their spoofing method in the realm of highly targeted espionage, rather than the sort of run-of-the-mill hacking most iPhone X owners might face, says Wired.

Face ID has to be used about every four hours, or else it'll prompt the person to enter a password. The mask took approximately 150 United States dollars to create. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.

The researchers also don't expect such a technique to be used against the everyday iPhone X user. "This seems like an unlikely sequence of events", Norris said.

Share