Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn’t — trick the phone’s facial recognition software. How? One very creepy mask.
In a video released by the company Bkav, an employee unshrouds the mask, to which the phone apparently responds to by unlocking. “Face ID on this iPhone X is not as secure as Apple has announced,” the employee says. The employee then unlocks the phone again with his own face.
On its website, Bkav says it made the mask with two- and three-dimensional printers, silicone and “hand-made” skin to “trick Apple’s AI.”
The whole thing cost about $150, the company says.
A feature of the iPhone X, Face ID uses facial recognition rather than a passcode or fingerprint to unlock the phone. It can also be used to confirm identity to make purchases and sign in to other apps.
Of course, a feature like that has attracted a few skeptics.
Wired made an array of deeply creepy masks, hiring a special effects makeup artist who spent 17 hours embedding thousands of eyebrow hairs with a needle — all of which failed to unlock the phone. The Wall Street Journal tried to fool it, and succeeded — but only by using 8-year-old identical triplets.
Apple would not comment on the video for this story. And NPR was not independently able to verify the claims.
When the iPhone X was unveiled in September, Apple marketing executive Philip Schiller said that Face ID’s creators had developed a “neural engine” to process facial recognition that wouldn’t “easily be spoofed by things like photographs,” he said.
“They’ve even gone and worked with professional mask-makers and makeup artists in Hollywood to protect against these attempts to defeat Face ID. … We require user attention to unlock. That means if your eyes are closed, you’re looking away, it’s not going to unlock,” Schiller said at the time.
Schiller also put the odds of a random person being able to unlock your phone’s Face ID at 1 in 1,000,000.
But Bkav, the security firm, said hacking Face ID wasn’t as hard, pointing out that the software would recognize the owner’s face even if half-covered.
“It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI. We just need a half face to create the mask,” the firm asserted.
Bkav calls its hack proof of concept, “the purpose of which is to prove a principle.”
Marc Rogers, a researcher at the security firm Cloudflare, told Wired that if Bkav has indeed succeeded in hacking Face ID, the most surprising aspect would be the discovery that printed eyes could deceive it — no eye motion needed.
The magazine also notes that Bkav has a history of successfully breaking laptops’ facial recognition tools with nothing more than 2-D images of a face.