Face ID has been defeated again, and this time it was 'simple'
Breaking into a locked iPhone X shouldn't ever be described as simple, but according to a group of security researchers, that's exactly where we find ourselves.
The same Vietnamese team that managed to trick Face ID with an elaborately constructed mask now says it has found a way to create a replicated face capable of unlocking Apple's latest and greatest biometric using a series of surreptitiously snagged photographs.
SEE ALSO:No one agrees on whether or not a dead body will unlock a smartphoneApple has copped to the fact that Face ID, for all its technical prowess, isn't perfect. It can be tricked by twins. For most people, however, that security threat is a nonexistent one. But what about masks? The Cupertino-based company assured customers that it had designed the biometric-powered safeguard with that attack in mind — yet the researchers at Bkav are here to rain on that particular parade.
"These materials and tools are casual for anyone."
They built a relatively inexpensive mask which, according to a blog post and video demonstration, was able to fool Face ID into unlocking.
"In this new experiment, Bkav used a 3D mask (which costs ~200 USD), made of stone powder, with glued 2D images of the eyes," researchers explained in a blog post. "Bkav experts found out that stone powder can replace paper tape (used in previous mask) to trick Face ID AI at higher scores. The eyes are printed infrared images — the same technology that Face ID itself uses to detect facial image. These materials and tools are casual for anyone."
To make matters worse, getting the data needed to construct the mask could be done without the target's knowledge, the researchers wrote — no elaborate face scans or up-close photographs required.
"Bkav researchers said that making 3D model is very simple," the blog post noted. "A person can be secretly taken photos of in just a few seconds when entering a room containing a pre-setup system of cameras located at different angles. Then, the photos will be processed by algorithms to make a 3D object."
Just how easy would it be for someone to pull this off in the real world? We reached out to Apple for comment, but received no response as of press time. We'll update this post when and if we hear back.
The researchers at Bkav, on the other hand, did get back to us, and their comments didn't inspire much confidence in Face ID's security.
"[When] targeting a person, [an attacker] can pre-install HD cameras of 3D scanning system in a meeting room or in an exhibition to secretly take photos of the target," explained a company spokesperson over email. "It takes only around 2s to get photos of the target’s face. Very fast."
As for making the mask itself? "[We] printed only one 3D mask, only one infrared image," the spokesperson noted. "We cut the eyes’ parts and pasted them on the mask, only one time. We succeeded at first try. There was no modification needed."
Should iPhone X owners be worried about this? Well, maybe. It's not like a common thief is going to go to the trouble of surreptitiously scanning your face before (or after) he's jacked your phone from you on your subway commute.
However, if someone wanted access to a specific something on your phone — and felt that it was worth the time and effort of building a mask — you might have a reason to be concerned. Although, of course, using an alphanumeric password in lieu of Face ID would negate that concern.
If anything, Bkav's findings are a reminder that no form of consumer biometric is infallible, and that as security improves, so do the tools and techniques hackers use to beat it.
This story has been updated to include additional comments from Bkav.
Featured Video For You
Is the iPhone X's facial recognition twin compatible?
-
South Korea beefs up drills amid escalating NK provocations部分因降雨断道的国省干道已抢通双星联手玉柴跨界融合创造行业新业态这项指数被称外贸出口“天气预报”,82家青企入选样本When will Trump and Harris debate? The presidential campaigns snipe over ABC News’ rules.减税降费“情”深意“农”“书香青岛”, 全民悦读启动仪式在市南区拉开帷幕划重点!广东出台林长制和绿美广东工作考核实施细则Wordle today: The answer and hints for August 29雅安蓝天救援队援豫人员返雅
- ·Smiley face on Mars is a telltale sign of its past
- ·我市召开全市个私经济高质量发展试点工作联席会议
- ·我市召开全市个私经济高质量发展试点工作联席会议
- ·比学赶超争先进 加压奋进促发展
- ·Best smartphone deal: Google Pixel 8a on sale for $449 at Amazon
- ·山东统筹推进脱贫攻坚与乡村振兴 实现多规合一
- ·发挥“红色力量”密织疫情防控网
- ·比学赶超争先进 加压奋进促发展
- ·The Weird, Wonderful World of Water Towers
- ·工商银行青岛分行成功解救误入传销客户
- ·累计超500万客户参与,平安RUN“保险+健康”模式获客户青睐
- ·青岛“机器换人”助力制造业高质量发展
- ·古物:回望时间的印记
- ·这项指数被称外贸出口“天气预报”,82家青企入选样本
- ·返乡创业做电商 携手乡邻共奔康
- ·青岛税务:减税灯谜猜起来 新政宣传活起来
- ·Best smart home deals this week at Amazon
- ·拍拍贷2019年一季度撮合额达190.80亿 连续三季度环增
- ·领取结婚证 幸福有意义
- ·部分因降雨断道的国省干道已抢通
- ·Top 10 Most Significant Nvidia GPUs of All Time
- ·我市启动第一次水产养殖种质资源普查
- ·市市场监管局开展“八一”走访慰问活动
- ·拍拍贷2019年一季度撮合额达190.80亿 连续三季度环增
- ·Wordle today: The answer and hints for August 27
- ·绉戝垱鏉垮紑濮嬫帴鍙楃敵璇 涓ユ妸璐ㄩ噺鍏虫垚甯傚満鍏虫敞閲嶇偣
- ·Apple finally sends out payments for MacBook's butterfly keyboard settlement
- ·鲁股午报丨沪深两市低开后跳水 华为概念逆市爆发
- ·阿里CEO张勇:阿里巴巴继续开放招聘优秀人才
- ·青岛港在全海区首次实现 港作拖轮生活污水回收处理
- ·What Ever Happened to Winamp?
- ·中国·雅安大数据产业园亮相智博会
- ·工商银行青岛分行成功解救误入传销客户
- ·青岛啤酒喜迎“开门红” 一季度净利增幅达21%创历史新高
- ·I went to an offline dating event for singles. Here's how it went.
- ·工商银行青岛分行成功解救误入传销客户