Apple iPhone X Face ID Security Defeated With Creepy 3D Mask Says Cybersecurity Firm

by Shane McGlaun — Monday, November 13, 2017, 08:07 AM EDT

A security firm called Bkav Corp. from Vietnam is claiming that it has been able to defeat Apple's new Face ID facial recognition technology to access an iPhone X using a mask. The firm says that for its test, Face ID was set up normally with no special tweaks. The company offered up a Q&A session about how exactly it pulled off the security bypass that sheds detail on what exactly happened.

One of the big questions asked here is how exactly Bkav could beat Face ID when similar efforts failed. The answer is somewhat self-serving, "Because... we are the leading cyber security firm ;) It is quite hard to make the 'correct' mask without certain knowledge of security. We were able to trick Apple's AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it. As in 2008, we were the first to show that face recognition was not an effective security measure for laptops."

The mask has several different build materials used with some areas, like the nose, 3D printed, other areas made from silicone, and other areas that used a vague "special processing" to defeat the security measure. Bkav says that the mask was "quite simple" to build. The company notes that a smartphone with 3D scanning capability could be used, such as the Sony XZ1, or a 3D scanner could be set up in a room. You only need a few seconds of scanning according to Bkav.

However, the company notes that an easier way to do this is using photographs and having an artist create the mask. Bkav writes, "We had an artist make it by silicone first. Then, when we found that the nose did not perfectly meet our demand, we fixed it on our own, then the hack worked. That's why there's a part on the nose's left side that is of a different color (photo attached). So, it's easy to make the mask and beat Face ID. Here, I want to repeat that our experiment is a kind of Proof of Concept, the purpose of which is to prove a principle, other issues will be researched later."

Bkav says that it began to work on the hack right after receiving the iPhone X on November 5. Mr. Ngo Tuan Anh, Bkav's Vice President of Cyber Security, said, "The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID".

Tags: Apple, (NASDAQ:AAPL), iphone x, face id, bkav

Shane McGlaun

Shane has been into tech since his dad brought home a Pong game when he was a toddler. A passion for gaming led to a passion for PC tech and hardware. That passion was eventually turned into a career writing about cool gadgets, computers, and automotive technology for some of the biggest publications online and in print. Shane also has a passion for the outdoors and when not writing about tech can be found hiking the trails of Colorado whilst keeping an eye open for nefarious rattlesnakes and bears.

Opinions and content posted by HotHardware contributors are their own.

Which New GPU Is For You?

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now