Cyber security firm Bkav says a 3D-printed mask costing just $150 (£115) to make has fooled the Face ID software, which is used to unlock the iPhone X, authorise payments and log in to apps.
The researchers said it
proved that Face ID is "not an effective security measure", although
making the mask did require a detailed facial scan, and would be
difficult for normal users to replicate.
ADVERTISING
When the iPhone X was unveiled in September, Apple touted the security benefits of Face ID,
saying there is a one in a million chance of another person being able
to unlock it, and that it had stress-tested the technology using
silicone masks made by Hollywood studios.Bkav constructed the mask using a combination of 3D
printing, a silicone nose and printed images of the eyes. A video
released by the company appears to show Face ID being fooled when a
cloth covering the mask is removed, although it does not show Face ID
being set up, so it cannot be confirmed that the technique works.Face
ID differs from the image recognition techniques used in many other
electronics and which have been easily fooled merely by photos of the
target. The iPhone X uses a technique called dot projection, which
directs beams of infrared light at the user's face to create a 3D image,
and uses artificial intelligence to "learn" the person's face.
Apple
has used a fingerprint sensor embedded in the home button for iPhone
security for several years, but removed the home button on the iPhone X
to make room for a bigger screen, leading it to develop Face ID.
Bkav said the mask it used to fool the phone could not be replicated by everyone but was simple enough for hackers to make, with the 3D scanners needed to map a person's face relatively easy to find. "Exploitation is difficult for normal users, but simple for professional ones," it said.
Bkav said the mask it used to fool the phone could not be replicated by everyone but was simple enough for hackers to make, with the 3D scanners needed to map a person's face relatively easy to find. "Exploitation is difficult for normal users, but simple for professional ones," it said.
Trying to fool the iPhone X facial recognition
01:42
It
claimed the technique used to beat the security could be used to target
politicians, billionaires and chief executives. As well as unlocking a
phone, Face ID is used to log into banking apps and authorise Apple Pay.
Bkav has previously demonstrated security flaws with laptop face recognition systems.
Apple has said that Face ID is not suitable for children under 13 or for twins, suggesting they use a passcode instead. An Apple spokesman pointed to a security white paper on Face ID detailing its security.
Bkav has previously demonstrated security flaws with laptop face recognition systems.
Apple has said that Face ID is not suitable for children under 13 or for twins, suggesting they use a passcode instead. An Apple spokesman pointed to a security white paper on Face ID detailing its security.
Comments
Post a Comment