Apple iPhone X Face ID And Face Detection Defeated With $200 3D Mask

iPhone X users must be feeling a little unsure of their Face ID security. Recently we have seen a son unlock his mother's phone using his own face just because they look alike. A security firm from Vietnam called Bkav was able to defeat Face ID security earlier this month using an ornate mask. Bkav is back at it again and has been able to use another mask to defeat Face ID even with the added security of Face Detection turned on.

Apple stated this about its facial recognition technology, "Face ID matches against depth information, which isn't found in print or 2D digital photographs. It's designed to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks. Face ID is even attention-aware."
face id mask

The mask used this time out is a 3D printed device made of some sort of stone powder, and cost $200 to produce. Once the mask was complete, Bkav taped 2D infrared images of eyes over the mask to emulate real eyes. The company then aimed an iPhone X at the fancy mask to attempt an unlock with the "Require Attention for Face ID" and "Attention Aware Features" on.

Both of those features are meant to add an extra layer of security to Face ID by forcing the user to look at the iPhone to unlock. This feature is reportedly meant to prevent Face ID from being unlocked with a mask or photograph or when you are looking away from your phone. Once the features are enabled, the person on the video unlocks the iPhone X with their face to show it works.


Then the mask is used to unlock the phone just as the user was able to do with his face. The IR images of eyes are able to fool the iPhone X into thinking the mask is a real person looking at the device. Bkav says that the tools used to create the mask are accessible by anyone. The company also claims that Face ID is less secure than Touch ID because images of a person can be taken from afar and used to create a mask to unlock the phone.

This isn’t likely to concern the average user. Who, after all, is going to spend hundreds of dollars and take the time needed to make a mask just to unlock the average iPhone X user's device? Still, the ability to spoof a face with a mask does show that Apple's security isn’t as robust as it claims.


Via:  MacRumors
Show comments blog comments powered by Disqus