When it launched its new handset, the iPhone X, Apple claimed that its Face ID is basically impossible to bypass. While it does seem to be more efficient than the Samsung Galaxy S8’s facial recognition feature, the iPhone X’s Face ID isn’t bulletproof either. Vietnamese cybersecurity firm Bkav recently came forward stating that the Face ID can be fooled by a relatively cheap mask. The mask doesn’t even have to look exactly like the user, it only has to focus on some points in order to unlock the iPhone X. The nose, the eyes, and the mouth are the only cut-outs that need to perfectly match the user’s eyes, nose, and mouth, and these can even be 2D images of these facial features.
According to Bkav, the mask is a combination of 3D printing, makeup, and 2D images. It costs around $150 to make and it can fool the Face ID feature of Apple’s iPhone X and unlock the phone. Of course, regular iPhone X users probably shouldn’t worry too much about this problem. It’s not their handsets hackers are usually after. instead, they focus on leaders of countries or major corporations, whose smartphones might contain important and valuable information regarding their work. The fact that a $150 mask can bypass the Face ID is, in this case, a major problem.
Other researchers already tried and failed to bypass the Face ID on the iPhone X with silicone masks, so, for a while, this security feature seemed to be quite effective. Unfortunately, it seems that the iPhone X’s facial recognition software isn’t unbeatable either. It is quite surprising that the mask doesn’t even have to be very life-like. As you can see in the video below, it only contains 2D cut-outs of some of the user’s facial features, and the rest looks like a bandaged face. Of course, in order to be able to bypass the security feature, the mask needs to be accurate when it comes to the depths of the other features. After all, it needs to trick Apple’s True Depth sensor.
It is also concerning that it took the researcher less than a week to make the mask that is able to fool the Face ID feature of Apple’s flagship. Of course, we didn’t think that this is indeed a bulletproof feature, but we did hope that it will be harder to crack than this. Apple will probably further improve the software to make sure that tricking it is not as easy as it is today. Even so, the face ID is a lot harder to trick than the Touch ID was, so this is definitely a step forward.