By this point, the iPhone X Face ID has been bested on numerous occasions, one of which was conducted by Bkav Corp. The Vietnamese researchers are back at it again, this time from a simpler, more realistic method.
While another attempt at cracking Apple’s authentication system might seem a little redundant, Bkav’s first attempt was overly intricate and would perhaps only be a method fitting for a spy movie rather than real-world risks.
The previous mask included a 3D printer, $150-worth of parts, extensive arts and crafts skills to portray realistic features and possibly needing cooperation from the victim in order to accurately break into the iPhone X.
This time, the “materials and tools are casual for anyone,” using stone paper and glued 2D images of the eyes onto a fake face, something you could potentially get in the form of a mannequin head. Bkav dubs this method the “artificial twin,” and is something that practically anyone could do.
The test itself was conducted under the $999 iPhone X’s strictest security settings, matching the owners face as best it can, but unfortunately was no match for the artificial twin, which managed to make quick work of the authentication.
“About two weeks ago, we recommended that only very important people such as national leaders, large corporation leaders, billionaires, etc. should be cautious when using Face ID. However, with this research result, we have to raise the severity level to every casual users: Face ID is not secure enough to be used in business transactions,” said Bkav Vice President of Cybersecurity Ngo Tuan Anh, as he explained just how much of an improvement this mask was over its predecessor.
This isn’t the best news for such a key feature in flagship device, but attackers will still need direct access to the victim’s phone to use this technique. So while Bkav’s security warning level has been increased, this is unlikely to actually affect anyone in real-world scenarios. That being said, it does call into question what other security flaws the tech possesses as it was originally “designed to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks.”
These slightly over-the-top methods wouldn't be too much of a problem, however Face ID has also experienced numerous problems with relatives able to unlock iPhone X smartphones that are registered to other users. Apple has yet to comment on the situation.
KitGuru Says: While Apple shouldn’t have boasted about the strength its Face ID apparently doesn’t have, it is worth remembering that this technology is still in its consumer infancy. This will likely get better as time goes on, even quelling worries over these Bond-movie-esque attempts to get access to your photo library.
Because getting 2D Infrared images and creating a 3D mask of your intended target, as well as artistically painting it, clearly is a “consumer level hack”….This really ain’t the Face ID bum rush Bkav Corp are making out it is.