Apple iPhone X Face ID ‘Is Tricked’ By 3D Printed Mask

A Vietnamese cybersecurity firm claims to have tricked the facial recognition feature on the iPhone X using a 3D-printed mask.

Researchers at Bkav created the $150 mask shortly after obtaining the smartphone on 5 November. It took them less than a week to spoof Face ID and say it was even easier than they expected with only half a face needed to create the mask.

“The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID,” explains Ngo Tuan Anh, vice president of cybersecurity at Bkav.

Face ID security

Face ID is one of the headline features of the £1,000 iPhone X and can be used to unlock the device. There have been a number of attempts to crack the feature but none have succeeded. Bkav says it was able to do so because of its expertise and posted a video on its website.

“It is quite hard to make the ‘correct’ mask without certain knowledge of security,” Bkav argues. “We were able to trick Apple’s AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it. As in 2008, we were the first to show that face recognition was not an effective security measure for laptops.”

Bkav has been a long-term critic of facial recognition and alleges that Apple rushed out Face ID without properly securing it. It adds that the most secure form of biometric security is fingerprint, just like the Touch ID system that Face ID replaces.

However given the sophisticated techniques used to create the mask, Bkav says it is government leaders, government workers and high ranking executives that would be the likely target.

It is understood that Bkav’s experiments are not seen as a credible proof of concept, while security experts have suggested that Face ID was a feature designed to be convenient rather than ultra secure.

Does IoT security concern you?

  • Yes (89%)
  • No (11%)

Loading ...

“Time and effort were involved in creating the mask that fooled the Face ID recognition software,” says Paul Norris, senior systems engineer at Tripwire. “Detailed dimensions would have to be taken to create the mask, and the security firm alluded to the fact that they had to use a special material on the mask too. What they didn’t disclose was how many attempts and what level of effort it took to get the mask to work flawlessly.

“Is this really a risk to iPhone X users? Apple will disable the Face ID after five attempts, and force the user to enter a passcode, which should be secure.

“In order to compromise Face ID authentication, the attacker would have to have a detailed map of the face of the user, create a mask that would map the exact details of the victim’s face, unlock the phone within five attempts and do all of this within 48 hours. This seems like an unlikely sequence of events.”

A report last week suggested the Face ID could be used in the next iPad.

Quiz: What do you know about Apple?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

BNP Paribas Joins JP Morgan Blockchain Trading Network

French bank BNP Paribas becomes first European bank to join JP Morgan's blockchain-based Onyx Digital…

5 hours ago

SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

US securities regulators may have refrained from enforcement actions against Elon Musk due to discouraging…

6 hours ago

Snap Earnings Warning Triggers Tech Sell-Off

Investors spooked after Snap warns of deteriorating economic conditions, says earnings now 'below the low…

7 hours ago

Russian Operator Discounts Smartphones As Sanctions Bite

Biggest Russian mobile operator MTS begins selling discounted and second-hand smartphones as Russians hit by…

8 hours ago

Clearview AI Fined £7.5m Over Facial Recognition Data

UK Information Commissioner's Office orders controversial facial recognition firm Clearview AI to delete data it…

9 hours ago

Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

Airbnb to pull out of China as ongoing zero-Covid policy places severe restrictions on domestic…

10 hours ago