A group of enterprising Vietnamese "hackers" recently claimed that they had managed to crack Apple's Face ID, the iPhone X's latest form of authentication.
The new iPhone uses what was promised to be groundbreaking facial recognition technology, but a week after its much-anticipated release, Vietnamese security firm Bkav released a video and blog post on their website last Friday showing a successful hack of the the smartphone.
They pulled it off by duplicating someone’s face in order to unlock their phone, a technique that turned out to be simpler than many security experts imagined possible. According to the accompanying video demonstration, they fooled the phone’s Face ID using a composite mask made from 3D-printed plastic, silicone, makeup and makeshift paper cutouts.
The demonstration has yet to be duplicated or confirmed by any other security researchers, but it could cast a serious shadow of doubt on the security of the iPhone X, especially in light of the hackers’ claim that the mask only cost US$150 to make. Apple claims that Face ID is much more secure than Touch ID, iPhone's current authentication method.
That said, the average iPhone user might not need to fret just yet, as it takes time, effort and access to someone’s face to crack the phone using this method, according to Wired. Bkav also added that their warning is only aimed at high-profile iPhone users:
"Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders, and agents like FBI need to understand the Face ID's issue," the company writes in the post.
Still, Bkay was quite forthright about its findings in its blog post and FAQ stating: "Apple has done this not too well. Face ID can be fooled by mask, which means it is not an effective security measure." They added, "The recognition mechanism is not as strict as you think," Bkav researchers wrote. "We just need a half face to create the mask. It was even simpler than we ourselves had thought."
Although the researchers contend that they were able to hack the phone using a relatively simple mask, the construction of it would require either detailed measurements, or a digital scan of the iPhone’s owner in order for it to work, making the crack somewhat difficult to accomplish. The researchers said they used a handheld scanner and scanned the subject’s face over the course of five minutes in order to pull off the break-in.
Other security experts have questioned BKav's method and its likelihood of being replicated. Researcher Marc Rogers from security firm Cloudflare pointed out that the software company might have "weakened" the phone's sensor by training it to recognize the user's face in non-ideal environments where facial features are obscured. Thus, this teaches the phone to register a version of the face that might resemble the mask.
"For the moment I can't rule out that these guys might be tricking us a bit," Rogers told Wired.
Tech communities worldwide are still trying to make sense of Bkav's claim and its credibility. However, The Verge recently reported that a 10-year-old was able to unlock his mother's phone with his face. Nonetheless, this is only possible if the mother registered her face under specific lighting conditions. This corroborates Rogers' conjecture that Bkav's hacking of Face ID might be possible, but with a "weakened" facial recognition algorithm.
[Top photo via Reuters]
Related Articles:
- Vietnamese Tech Firm Unleashes 'the Best Smartphone in the World'
- Ready to Trade in Your iPhone for a Bphone?
- Cyber Security Breach Exposes 66,000 Vietnamese Personal Accounts