Security Firm Hacks Iphone X's Face ID Using a $150 3D Printed Mask
A security firm in Vietnam claims to have broken the Apple Face ID tech using a mask that cost less than $150 USD. When Apple released the iPhone X in September it boasted its face identification software was so good it would take 1-in-a-million for it to be unlocked by the wrong person. That was a statement that almost every hacker and security software around the world took as a challenge, and the Vietnamese firm, Bkav seem to be the winner. The company says they created the mask using 3-D printing, makeup, paper, and a hand-molded silicon nose. The team that worked on the hack, said they didn’t really use a particular method to break into the phone, but just kept adjusting the mask until the phone unlocked.
Mask only cost $150 USD to produce
Looking at images of the mask it doesn't appear too sophisticated resembling a cheap Halloween costume than a world record-breaking hacker trick.
Bkav has done other face recognition software hacking and say this time it took them only a week and about $150 USD to scare the living daylights out of Apple. "It was even simpler than we ourselves had thought," the company wrote in a blog post. The iPhone hack is yet to be confirmed by an outside source. Bkav admits this isn’t really a problem for most users of the iPhone. But they do say it is a very real threat to high powered users of the Apple device such as business people or intelligence officers. The company writes, "Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders, and agents like FBI need to understand the Face ID's issue.”
Apple oversold the technology
It is clear from the post on their website that what Bkav is most concerned about is Apple’s over-confidence in telling the world just how good their software is when it clearly isn’t doing the job it is supposed to. In the uncompromisingly direct post, they say: “Apple has done this not so well. Face ID can be fooled by mask, which means it is not an effective security measure."
Other security firms and amateur hackers have tried to unlock the phone using everything from masks to makeup but so far only Bkav has publicly announced their success. Bkav say they used relatively easy to access face scanning technology to create a map of the iPhone owner's face that they then created the 3D printed mask from. The company has reportedly not responded to other media company’s inquiries but say they will provide more detail of their research at a press conference tomorrow.
Company will provide details in press conference
Skeptics of the hack and accompanying video question how the phone was taught to recognize the face in the beginning. It may have potentially been taught to recognize a face that was less like its owner and more like the mask, making the hack much easier. If the hack does prove to be true, the simple fact that the eyes were able to be recognized from a simple 2D printout is the most worrying.
Apple patents leaked before the iPhone X’s release gave many people the idea that the phone needed to see eye movement in order to give the okay to unlock. But if 2D images are able to break the phone it means users who are restrained, unconscious, sleeping or even dead would be able to unlock their phone.
The company has revealed more details about the way they hacked the iPhone X, including a live demonstration of the hack at a press conference this morning. Watch the video below for more information.
23-year-old Karthic Rathinam's startup Out Of The Box creates durable, water-resistant and sturdy furniture made out of cardboard. He talks to IE about his eco-friendly products.