One of the most defining features of the iPhone X is Face ID. Since the iPhone X has an almost bezel-less screen, it ditched the home button and subsequently, the fingerprint scanner, and it moved on to a 3-D depth scanning facial recognition system.
With that new design direction, Face ID replaced Touch ID as the biometric security authorization system of the iPhone X and is used for a variety of tasks like unlocking the phone, Apple Pay, app purchases and in-app logins. Apple said that Face ID is more secure than Touch ID and the odds of someone duping it is one in a million – vastly superior to the one in 50,000 odds of Touch ID.
However, now that security researchers have had the chance to poke, dissect and probe Face ID, is it still as secure as Apple claims it to be?
Face ID mask?
Vietnamese cybersecurity company Bkav claims that it has successfully duplicated a person’s face to fool Face ID and unlock an iPhone X using a fabricated mask.
The special mask was created with a combination of 3-D printed plastic, silicone, makeup and 2-D paper cutouts. Special processing was also applied on the mask’s cheeks and around the face and the nose is made up entirely of silicone.
Bkav said that the cost to produce the mask is relatively cheap at $150. The company started working on the hack after it received its iPhone X on November 5, which means they crafted the Face ID mask in less than a week.
In a demonstration video posted by the company, it shows how a researcher was able to unlock an iPhone X using both the 3-D composite mask and his own face.
Still proof of concept
It is important to note that this technique is just a proof-of-concept hack at this time and it has not been confirmed nor verified by other security companies.
It is also a fairly complex procedure since the mask needs a detailed digital scan and an accurate representation of a target’s face. Bkav noted that they used a handheld scanner and it took about five minutes of manually scanning the target’s face.
Do you need to be worried?
With that said, it’s highly unlikely that average consumers will need to worry about this hack. It sounds like it’s more suitable for orchestrated spying, which requires more effort to pull off than a mere facial scan.
“Potential targets shall not be regular users, but billionaires, leaders of major corporations, national leaders, and agents like FBI need to understand the Face ID’s issue,” Bkav wrote.
The researchers also pointed out that “exploitation is difficult for normal users but simple for professional ones.”
So for now, it looks this hack is merely an experiment successfully pulled off in a very controlled environment. Although they might develop more advanced techniques that can render a full Face ID hacking mask from shorter facial scans and 2-D photographs, Face ID is still vastly more secure than Touch ID.
To read more about Bkav’s Face ID mask, click here to read its FAQ page.
iPhone X unveiled: Kim’s trusted opinion – Do you get what you pay for?
Is Apple’s newest flagship phone, the iPhone X, really worth the money? Here’s our review.