When Apple announced the iPhone X before, it promised its new unlocking mechanism. Face ID was twice as secure as its predecessor, Touch ID. It declared there was a one in 1,000,000 chance its facial recognition software may be unlocked by the wrong person. Security companies and tech around the world immediately accepted the challenge to got work.Security researchers say they used a $150 mask to break the Face ID facial recognition system that locks Apple’s new iPhone X. The work may be significant, it may be little more than a stunt with few real-world consequences.It may possibly be something in the middle.It’s impossible to know because the researchers have evaded key questions about how they went about breaking into the device.
The supposed hack was carried out by researchers from Vietnamese security firm Bkav, which in 2009 demonstrated a way to bypass face-based authentication in Toshiba and Lenovo laptops. Company researchers published a video showing them unlocking an iPhone X by presenting it with a custom-made mask instead of the live human face that Apple has repeatedly insisted is the only thing that can satisfy the requirements of the facial recognition system.The hackers used a 3D printer to make a mask that beat the facial recognition software and it cost just $150 to make, blowing a huge hole in one of the major selling points of the new Apple device.
The researchers said they designed their mask using 2D and 3D printers and that an artist made the nose by hand using silicone materials. Other features of the mask used 2D images and “special processing on the cheeks and around the face and also there are large skin areas” in a successful attempt to defeat the artificial intelligence.Face ID uses to distinguish real faces from images, videos, or masks.”It is quite hard to make the ‘correct’ mask without certain knowledge of security,” a Bkav representative wrote in an e-mail to Ars. “We were able to trick Apple’s AI, as mentioned in the writing because we understand how their AI worked and how to bypass it.”
The video press release omitted key details that are needed for other researchers to assess.If results represent a true bypass of an authentication system Apple has spent years developing. One of the most important details is whether the mask successfully unlocked the iPhone immediately after it was made up to use the real human face for authentication.If the bypass succeeded only over a long period of time following the face enrollment. The distinction is crucial. According to a white paper, Apple published earlier this month, Face ID takes additional captures over time and uses them to augment enrolled Face ID data. If the researchers trained Face ID over time to work with the mask, they were giving themselves an advantage a real-world attacker wouldn’t have.
Another important consideration is how the mask was made. The artist or any of the researchers have to have access to the real face the mask was based on? Did the human target sit for measurements or the taking of a mold? On the other hand, was the mask solely crafted using images or videos that could be taken without the target’s knowledge or consent? Throughout the weekend, Ars pressed Bkav representatives repeatedly to describe these and other details. The representatives deflected and at times outright evaded the questions: One way of reading the responses suggests that the researchers and artist required the help of the target to create the mask.In the future, the researchers think it will be possible to design similar masks that will instead require only the aid of 3D scans or photographs that could be taken without the target’s knowledge or consent. If this interpretation is correct, the bypass is still interesting because it undermines Apple’s contention that only a live face can be used to unlock a Face-ID enabled phone. But a hack that requires the help of the target would nonetheless suggest that for the time being which remains relatively secure.Bkav researchers must publish a longer video that documents what was required to make the mask of whether it’s able to fool Face ID immediately after a real face has been enrolled. Until then, it’s impossible to say if this is a real hack.