Hackers may have already proven that Face ID isn’t quite as secure as secure as Apple claims.
Using a simple 3D printed mask, Vietnamese security firm Bkav, has posted a video showing an iPhone X being unlocked after unveiling a composite 3D-printed mask made of plastic, makeup, silicone and paper cutouts for some facial features.
Bkav detailed how it hacked Face ID in a blog post but has not publicly demonstrated the process yet. It also hasn’t been confirmed by a third-party yet. Normal iPhone X users shouldn’t really be alarmed either because for now it requires a lot of time to 3D scan your face. Still, Bkav says it shows Face ID is less secure than Touch ID.
“Apple has done this not so well,” wrote Bkav. “Face ID can be fooled by mask, which means it is not an effective security measure.”
Fooling Face ID
The mask used by the hackers consisted of a 3D-printed frame of the victim’s face. They then attached a sculpted silicone nose, two-dimensional eyes and lips printed on papers. It’s a much simpler solution than the Hollywood-quality masks commissioned by WIRED that had much more detailed hair and facial features that failed to trick Face ID.
“The recognition mechanism is not as strict as you think,” wrote Bkav. “We just need a half face to create the mask. It was even simpler than we ourselves had thought.”
Even though Bkav claims to have beat Face ID, there’s still a lot of questions on how legitimate the hack is. It’s still unclear how the phone was registered and trained on the owner’s real face. To pull off the hack you need access to 3D scan the person’s face for 5 minutes.
Bkav said it made four masks that failed to unlock Face ID and then got it right on the fifth attempt. Billionaires and top CEOS could be potential targets of the hack, but most iPhone X owners have nothing to worry about.