According to security researchers, the Face ID security feature of the latest and greatest $1000 iPhone X was hacked by using a $150 mask. Hackers developed a special mask which is more than capable of defeating the iPhone X face identification authentication feature and here’s how they did it:
As per a blog post on Friday via Bkav, a Vietnamese cyber security company, the mask is built from 3D plastic, silicone, makeup and printed photos. Thus, Bkav “hackers” were able to unlock an iPhone X in just seven days after its official release.
The $150 mask is very simplistic in terms of features, but it’s enough to fool the smartphone’s facial recognition feature. The mask mimics the phone owner’s facial features, i.e. a nose made of silicone, the images of lips and eyes printed on paper and a 3D printed frame depicting the owner’s face. As Bkav puts it, iPhone X’s Face ID makes for an inefficient security measure by any metrics; however, in order to build such a mask (at least using current technology) you’ll have to get extensive access to the subject’s face.
The company built the mask with the help of an artist who sculpted the nose and high-end scanning software, which was used to accurately depict the subject’s face shape. Also, whilst Bkav criticized Apple for its alleged failure to take all the necessary steps to create a “bullet-proof” face identification system, they admitted that the average iPhone X user is not at risk of such a hack-attack:
“Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID’s issue.
We were able to trick Apple’s AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it,”