One of the cool new features of the iPhone X is Face ID, Apple’s facial recognition system that securely unlocks the handset. The iPhone X has only been out for 17 days and yet there are already hackers proclaiming that they have been able to bypass iPhone X’s Face ID. Cybersecurity researchers in Vietnam have said that they have been able to fool Apple’s facial recognition feature by using a mask that costs $150.
Cybersecurity firm Bkav created a 3D-printed mask that uses makeup, silicone, and 2D images to trick the iPhone X’s software into thinking the disguise is the actual user. The mask has some “special processing done on the cheeks and around the face” to make it appear like a human. Sorta. The skin and nose are created from silicone. The mask was able to trick Apple’s depth mapping. This comes despite Apple saying that the Face ID resists deception and “defends against attempts to unlock your phone with photos or masks.”
Bkav stated that Face ID is “not an effective security measure” and could be fooled. “Country leaders, leaders of major corporations… are the ones that need to know about the issue, because their devices are worth illegal unlock attempts,” Bkav said on its website. “Exploitation is difficult for normal users, but simple for professional ones.”
In September, Apple’s Senior Vice President of Worldwide Marketing Phil Schiller said the company had worked with professional mask makers and makeup artists in Hollywood to ensure the iPhone X could not be deceived. “These are actual masks used by the engineering team to train the neutral network to protect against them in Face ID,” said Schiller. Apple noted that the probability of a random person unlocking an iPhone X with Face ID is approximately 1 in 1,000,000, compared to 1 in 50,000 for Touch ID. It is difficult to believe that Apple’s best security feature is being fooled by a mask that looks like someone’s homemade mummy mask.