Science

IPhone X FaceID hacked using 3D printed face, again

IPhone X FaceID hacked using 3D printed face, again

Vietnamese security firm Bkav is back again with a new video which showcases its latest attempt to fool Face ID. This time around the video clearly shows that both the "Require Attention for Face ID" and "Attention Aware Features" were turned on in the iPhone X used for testing.

This isn't great news for Apple who has been talking up its Face ID tech in support notes: "It's created to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks". If those numbers are accurate, that 10 times more than what Face ID grabs in the same time frame. At the iPhone X launch event, Apple admitted its facial recognition tech could be tricked by an "evil twin", but assured people it had worked with Hollywood studios to prevent masks being used as hacking tools. This is because Face ID mistakenly recognizes the infrared images as real eyes.

The new 3D printed Face ID-fooling mask is made from a stone powder, with 2D infrared pictures of eyes taped over the top-infrared being the technology used by Face ID to detect faces.

In this clip, we see the researcher capture his Face ID profile in real time.




Also interesting is that the toggle for "Require Attention for Face ID" is switched on, thus showing that Bkav's 3D masks can fool Face ID even at its highest security setting. As this experiment was just released yesterday there is no comment yet from Apple. However, with this research result, we have to raise the severity level to every casual users: "Face ID is not secure enough to be used in business transactions".

The process, as simple as Bkav likes to make it sound, is still rather complex. Because the hack was so easy, Bkav strongly recommends avoiding Face ID as a means of protecting sensitive data. You need a high quality image of the person whose phone you're trying to access, as well as access to a 3D printer and various other materials, not to mention direct access to the person's phone.

As we all know Face ID is the only biometric authentication feature on the iPhone, because the device lacks the Touch ID and dedicated home button on the front.