A security firm called Bkav Corp. from Vietnam is claiming that it has been able to defeat Apple's new Face ID facial recognition technology to access an iPhone X using a mask. The firm says that for its test, Face ID was set up normally with no special tweaks. The company offered up a Q&A session about how exactly it pulled off the security bypass that sheds detail on what exactly happened.
One of the big questions asked here is how exactly Bkav could beat Face ID when similar efforts failed. The answer is somewhat self-serving, "Because... we are the leading cyber security firm ;) It is quite hard to make the 'correct' mask without certain knowledge of security. We were able to trick Apple's AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it. As in 2008, we were the first to show that face recognition was not an effective security measure for laptops."
The mask has several different build materials used with some areas, like the nose, 3D printed, other areas made from silicone, and other areas that used a vague "special processing" to defeat the security measure. Bkav says that the mask was "quite simple" to build. The company notes that a smartphone with 3D scanning capability could be used, such as the Sony XZ1, or a 3D scanner could be set up in a room. You only need a few seconds of scanning according to Bkav.
However, the company notes that an easier way to do this is using photographs and having an artist create the mask. Bkav writes, "We had an artist make it by silicone first. Then, when we found that the nose did not perfectly meet our demand, we fixed it on our own, then the hack worked. That's why there's a part on the nose's left side that is of a different color (photo attached). So, it's easy to make the mask and beat Face ID. Here, I want to repeat that our experiment is a kind of Proof of Concept, the purpose of which is to prove a principle, other issues will be researched later."
Bkav says that it began to work on the hack right after receiving the iPhone X on November 5. Mr. Ngo Tuan Anh, Bkav's Vice President of Cyber Security, said, "The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID".