Apple iPhone X Face ID ‘Is Tricked’ By 3D Printed Mask

A Vietnamese cybersecurity firm claims to have tricked the facial recognition feature on the iPhone X using a 3D-printed mask.

Researchers at Bkav created the $150 mask shortly after obtaining the smartphone on 5 November. It took them less than a week to spoof Face ID and say it was even easier than they expected with only half a face needed to create the mask.

“The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID,” explains Ngo Tuan Anh, vice president of cybersecurity at Bkav.

Face ID security

Face ID is one of the headline features of the £1,000 iPhone X and can be used to unlock the device. There have been a number of attempts to crack the feature but none have succeeded. Bkav says it was able to do so because of its expertise and posted a video on its website.

“It is quite hard to make the ‘correct’ mask without certain knowledge of security,” Bkav argues. “We were able to trick Apple’s AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it. As in 2008, we were the first to show that face recognition was not an effective security measure for laptops.”

Bkav has been a long-term critic of facial recognition and alleges that Apple rushed out Face ID without properly securing it. It adds that the most secure form of biometric security is fingerprint, just like the Touch ID system that Face ID replaces.

However given the sophisticated techniques used to create the mask, Bkav says it is government leaders, government workers and high ranking executives that would be the likely target.

It is understood that Bkav’s experiments are not seen as a credible proof of concept, while security experts have suggested that Face ID was a feature designed to be convenient rather than ultra secure.

Does IoT security concern you?

  • Yes (89%)
  • No (11%)

Loading ...

“Time and effort were involved in creating the mask that fooled the Face ID recognition software,” says Paul Norris, senior systems engineer at Tripwire. “Detailed dimensions would have to be taken to create the mask, and the security firm alluded to the fact that they had to use a special material on the mask too. What they didn’t disclose was how many attempts and what level of effort it took to get the mask to work flawlessly.

“Is this really a risk to iPhone X users? Apple will disable the Face ID after five attempts, and force the user to enter a passcode, which should be secure.

“In order to compromise Face ID authentication, the attacker would have to have a detailed map of the face of the user, create a mask that would map the exact details of the victim’s face, unlock the phone within five attempts and do all of this within 48 hours. This seems like an unlikely sequence of events.”

A report last week suggested the Face ID could be used in the next iPad.

Quiz: What do you know about Apple?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago