Cybersecurity experts 'beat' Face ID with carefully constructed 3D mask

Gwen Vasquez
November 14, 2017

And it happened... A security firm has managed to trick Apple's innovative Face ID with a 3D mask specially created to fool the facial recognition system.

Security researchers at Bkav Corporation recently announced that they had succeeded in tricking Apple's Face ID concept by using a face mask that was crafted by using a popular 3D printer, a hand-made nose, and certain parts of it designed with a 2D printer.

The 3D printed mask, which also has silicone features and 2D images pasted onto it, was used to thwart Apple's Face ID phone unlock system, a new feature incorporated into the iPhone X to supposedly provide a more convenient unlock option than the current fingerprint and password options. The researchers found that large portions of the face did not have to accurately depict the subject in order for Face ID to successfully unlock.

Bkav had first started work on the hack on 5 November when it had received the phone.

IBTimes UK has reached out to Bkav and Apple for comment and is awaiting a response.

More news: King's commute: LeBron, Cavs hop on NYC subway after shootaround

When it launched the iPhone X, Apple said that the company has worked with professional mask makers and Hollywood makeup artists. "These are actual masks used by the engineering team to train the neural network to protect against them in Face ID".

Bkav did say that attacks would likely be executed on high-profile targets: "FBI, CIA, country leaders, leaders of major corporations, etc. are the ones that need to know about the issue, because their devices are worth illegal unlock attempts", it said. We also found that odd but were able to replicate the unusual behavior on an iPhone X unit Apple provided us. The mask is claimed to have cost around $150 to make, which seems cheap when you consider the effort and vast resources Apple put into developing the $999 iPhone X and its Face ID system.

The Cupertino giant touted the FaceID as the biggest highlight of the iPhone X during its launch. The facial recognition is also disabled if the iPhone X hasn't been unlocked for more than two days.

Biometric FolliesPhilip W. Schiller, Apple's senior vice president of worldwide marketing, speaks on September 13 at the launch of the iPhone X. If you're concerned that someone might want into your devices badly enough that they'd execute such an involved plan to steal your facial biometrics, well, you've probably got a lot of other things to worry about as well. "And until all of these wrinkles are out of biometrics, we have the problem that once copied, unlike passwords, you can't change it". You can register Face ID on anything with a face, including the mask. But biometrics remains a cat-and-mouse game (see Biometrics: Advances Smack Down Workarounds).

Other reports by LeisureTravelAid

Discuss This Article