Apple iPhone X Face ID ‘Is Tricked’ By 3D Printed Mask

A Vietnamese cybersecurity firm claims to have tricked the facial recognition feature on the iPhone X using a 3D-printed mask.

Researchers at Bkav created the $150 mask shortly after obtaining the smartphone on 5 November. It took them less than a week to spoof Face ID, and they say it was even easier than they expected, with only half a face needed to create the mask.

“The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID,” explains Ngo Tuan Anh, vice president of cybersecurity at Bkav.

Face ID security

Face ID is one of the headline features of the £1,000 iPhone X and can be used to unlock the device. There have been a number of attempts to crack the feature but none have succeeded. Bkav says it was able to do so because of its expertise and posted a video on its website.

“It is quite hard to make the ‘correct’ mask without certain knowledge of security,” Bkav argues. “We were able to trick Apple’s AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it. As in 2008, we were the first to show that face recognition was not an effective security measure for laptops.”

Bkav has been a long-term critic of facial recognition and alleges that Apple rushed out Face ID without properly securing it. It adds that the most secure form of biometric security is fingerprint, just like the Touch ID system that Face ID replaces.

However, given the sophisticated techniques used to create the mask, Bkav says government leaders, government workers and high-ranking executives would be the likely targets.

It is understood that Bkav’s experiments are not seen as a credible proof of concept, while security experts have suggested that Face ID was a feature designed to be convenient rather than ultra secure.

“Time and effort were involved in creating the mask that fooled the Face ID recognition software,” says Paul Norris, senior systems engineer at Tripwire. “Detailed dimensions would have to be taken to create the mask, and the security firm alluded to the fact that they had to use a special material on the mask too. What they didn’t disclose was how many attempts and what level of effort it took to get the mask to work flawlessly.

“Is this really a risk to iPhone X users? Apple will disable the Face ID after five attempts, and force the user to enter a passcode, which should be secure.

“In order to compromise Face ID authentication, the attacker would have to have a detailed map of the face of the user, create a mask that would map the exact details of the victim’s face, unlock the phone within five attempts and do all of this within 48 hours. This seems like an unlikely sequence of events.”

A report last week suggested that Face ID could be used in the next iPad.

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
