Barely ten days have gone since the launch of Apple's iPhone X and a cybersecurity firm claims to have fooled the Face ID technology in the smartphone using a mask. Vietnamese security firm Bkav released a blog post and video showing that they cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.
Terming the technology as not an effective security measure, Ngo Tuan Anh, Bkav's vice president of Cyber Security said, "The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool the AI of Face ID".
Bkav claimed that in order to bypass the security measure even half of the face is enough. The Face ID recognizes half the face and allows the user to unlock the phone. Thus, even half of the mask was enough to fool the AI, claims Bkav.
The company released a video, in which a company staff member pulls off a cloth from a face mask which is placed in front of the iPhone X. The phone instantly unlocks when the mask is placed in front of it. The mask had sculpted silicone nose, two-dimensional eyes and lips printed on paper which was mounted on a 3D printed plastic frame. The 3D frame was probably made from a digital scan of the victim's face.
In another incident, Mashable reported that iPhone X's Face ID was not able to distinguish between two identical twins. Apple has claimed that in case of identical twins it may be possible to fool the Face ID system and ensured that it is working on the issue.
As for the Bkav claims, much needs to be answered. Firstly, why the group has not shared its research with Apple, if its efforts are legitimate? And it’s not like a company like Apple never considered that hackers might try this methodology.
As the company says: Face ID matches against depth information, which isn’t found in print or 2D digital photographs. It’s designed to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks. Face ID is even attention-aware. It recognizes if your eyes are open and looking towards the device. This makes it more difficult for someone to unlock your iPhone without your knowledge (such as when you are sleeping).
Bkav is yet to answer these questions and only then we can pass judgement on Apple's much-talked about Face ID.