The iPhone X released earlier this month to mostly positive reviews. Most people are feeling Apple's fresh new design on the flagship smartphone. One feature, in particular, Face ID, has been the topic of debate since it was displayed at WWDC this past September. The face scanning technology would replace a proven and reliable security feature known as Touch ID. There was much speculation about whether Face ID would be as secure, effective, and efficient as its predecessor.
Well, it seems as though Apple won't be awarded any military or CIA security contracts in the near future as a Vietnamese cybersecurity firm, Bkav, announced they were able to fool the system with a 3D printed mask. The mask was composed of a 3D-printed frame, a hand-sculpted silicone nose, and a layer of photos on top.
The disguise was made with only $150 worth of materials but required an advanced scanning system to mirror the exact facial features, as well as a professional artist to tailor the silicone nose for an exact match.
The team at Bkav released a statement that said bypassing the FaceID security function was "even simpler than we ourselves thought."
"After nearly 10 years of development, face recognition is not mature enough to guarantee security for computers and smartphones. With Face ID being beaten by our mask, FBI, CIA, country leaders, leaders of major corporations, etc. are the ones that need to know about the issue, because their devices are worth illegal unlock attempts. Exploitation is difficult for normal users but simple for professional ones."
Apple claims the odds of someone fooling FaceID with a mask or photo is one in a million, even though the system can have trouble differentiating between identical twins. Bkav declared they are the first to use a mask to trick Face ID and considering how much time and effort Apple invested into the new system to ensure its security, like enlisting the help of design experts to create masks and other tools to try and bypass the lock screen, and training the neural network behind FaceID on over one billion faces, it's an impressive achievement.
Everyday users won't be affected by this exploit because of the time and effort required to make a quality replica, however, public figures and individuals whose photographs are easier to access would be at risk, but minimal. Even if someone makes the perfect clone of someone's face, they still need to physically have the phone in their possession. It would be easier for someone to just hack into your phone via another method before spending time making a mask.
Nonetheless, FaceID has been infiltrated by unauthorized means less than a month into its debut on the iPhone X. Apple never claimed the system was without flaws, but it does show that biometric security on smartphones has a long way to go.
Drop a comment below and let us know if you think replacing TouchID with FaceID was the best move.