iPhone X owners are finding they might have been handed a dud after its much-lauded Face ID was outwitted by a printed mask.
We already know the facial recognition system used to unlock the latest handsets is riddled with security flaws.
Apple admitted the iPhone X tech won’t work for teenagers and may not be able to distinguish between brothers and sisters in the same family.
Now Vietnamese security firm Bkav claims it was able to unlock an iPhone X – not with a human face – but with a 3D-printed silicone mask.
The news will be a blow to Apple, who went to great lengths to show their Face ID could not be hacked, even employing Hollywood makeup artists to create face masks to try to fool the system.
Bkav managed to create a face mask for just £114, using a combination of 3D and 2D printed pieces and a hand-made silicone nose.
When they held this up to the iPhone’s recognition system, voila, the phone was unlocked.
It raises further concerning questions about just how secure Apple’s flagship £999 phone really is.
What is Face ID?
Face ID allows its user to unlock their phone without entering a password or using a fingerprint scan.
It uses a 3D sensing camera which emits tens of thousands of infrared dots to create a map of the user’s face, which it uses to compare it with a saved copy of the face on the device.
Internal Apple documents say that to use Face ID, users must set up their iPhone X with a passcode first. When Face ID detects and matches your face, the iPhone X unlocks without asking for your passcode – making “using a longer, more complex code far more practical because you don’t need to enter it as frequently”.
The probability that a random person would be able to pick up your phone and unlock it with their face is 1 in 1 million, said Apple, compared to 1 in 50,000 for the fingerprint sensor Touch ID.
And a passcode is still required after five unsuccessful unlock attempts with Face ID.
While the news that a mask can bypass this high-end security may be of concern, Bkav said it was more likely that high-profile users like celebrities or business leaders than the general public would be targets for this kind of spoof.
Anyone using the iPhone X for work, and keep valuable information such as industry or business information in the cloud should be concerned, said Bkav.
Are Bkav for real?
Experts have questioned the Vietnamese company’s intentions in devising this 3D mask test and releasing the information.
The firm produces its own Android-based device, the 3GB Bphone, a glass and aluminium offering with a 1920×1080 5.5in HD screen and 32GB of RAM, so it certainly has a stake in the premium smartphone market.
Meanwhile, other cyber experts have criticised the experiment’s lack of verification from an independent source.
I don't deny that what we have done should strengthen our company’s reputation, but one should see that as our job. This is something we’ve done for nearly 20 years. We were the first to point out that facial recognition technology was not entirely secure.- Nguyen Tu Quang: CEO, Bkav
It’s not the first time the Bkav has challenged facial recognition capability.
In 2009, its specialists bypassed face authentication in Toshiba and Lenovo laptops.
And their most recent attempt implies that even eight years on, “facial recognition isn’t mature enough” to be used for widespread commercial purposes, said Bkav.
Until Apple’s technicians have had time to work out bugs and potentials flaws in Face ID, it’s best to rely on fingerprint security to unlock your iPhone.
MAIN IMAGE: Gregory Varnum/Wikimedia Commons/CC-BY-SA 4.0