Face ID of iPhone X unlocked with a $ 150 mask
A group of security researchers claims to have been able to undermine the Face ID defenses integrated on the iPhone X with a $ 150 mask. The problem is like ” printing ” it.
According to security company Bkav it is possible to get around Face ID thanks to the use of a $ 150 mask created ad-hoc for each user. For those who do not know Face ID is the only authentication system of the iPhone X, and will soon replace the unlock via fingerprint on all iPhone. If it were really that simple to circumvent it would be a huge security problem, but the truth is that it is a difficult system to apply.
In 2009 Bkav had shown a technique to overcome facial authentication on laptops Toshiba and Lenovo, and many years later returns to the topic thanks to the new iPhone. The company has also released a video in which it is possible to see ” the hack ” in action, with the iPhone X free access to its data once the mask has been placed in front of the smartphone’s sensors. The problem is to build it without having the necessary information.
” It is quite difficult to make the right mask without having a certain competence in the field of security,” declared one of the managers of the company at Ars Technica. ” We have been able to overcome the Apple AI because we know how it works, and we know how to get around it “. The mask that we see in the video was obtained using 2D and 3D scans, to which was then added a silicone appendix, the nose, modeled by hand.
Following a request for further information from the American press on the fraudulent release methodology, Bkav promised a press conference for November 15 to provide the required details. The company has also released a Q&A section on the official website for those wishing to deepen the subject or have doubts about it. In addition, he explained that it does not consider worrying the unlocking via the mask regarding ordinary users.
To achieve the exploit, a certain collaboration from the owner of the smartphone is necessary or in any case to obtain it in some way. However, unlocking via the mask could allow government agencies or companies to discover important information about rivals and competitors, using Bkav proof-of-concept to fraudulently access content on smartphones from members of rival countries and companies.