Face ID cracked again with a mask, by the same researchers
The Vietnamese Bkav team has once again circumvented the integrated security protection on iPhone X based on facial recognition. Here is the video.
Display border-less and Face ID are the peculiar characteristics of the new iPhone X, and the latter in this case has been repeatedly targeted by various security companies. The first to defeat the defenses was Bkav, but there were also isolated cases of twins and children who managed to get around the protection method, the only one, present on the new iPhone. We’ve been talking about Bkav’s first attempt over the past few weeks, and now there’s a second one.
The first experiment was greeted by a series of doubts from enthusiasts and industry experts, and that’s probably why the company is back on the subject. In a post published on the official blog, Bkav explains that he used a mask printed in 3D, whose production costs about $ 200. Two different two-dimensional images were then applied on the mask, among which the infrared ones specific for the eyes in order to carefully simulate that part.
The eyes are a fundamental component for the functioning of Face ID, especially if we consider that the previous method used by the security company required the deactivation of the feature ” Pay attention. ” This is the function of a function that requires the gaze to be directed towards the terminal for unlocking. Through the modifications applied to the mask in the new experiment, Bkav has managed to overcome this limit too.
In the video made in support of the article, you can clearly see that the operator sets Face ID, and leaves enabled all the security features before allowing the mask to unlock it in a few moments. Bkav claims that the materials and tools used are ” for everyone “, and that Face ID is not ” safe enough to be used in major transactions “, such as Apple Pay, to cite the most popular case.
It is to be specified that to realize the hack it is necessary to have a 3D printer, hundreds of dollars of materials, physical access to the device and, above all, photographs and detailed molds of the victim’s face to reconstruct his features in the mask. Furthermore, various attempts must be made with the complicity of someone with a smartphone or violence, and at this point any biometric sensor can fail in its task.
It should also be noted that after five attempts, the smartphone blocks access attempts with Face ID and requires the password in any case, so an attacker needs to create an effective mask without too many errors. In short, as we said the past few weeks, it is a dangerous hack, especially for celebrities and exponents actually at risk, but more than safe for the vast majority of users.