Breaking into a locked iPhone X shouldn't ever be Polanddescribed as simple, but according to a group of security researchers, that's exactly where we find ourselves.
The same Vietnamese team that managed to trick Face ID with an elaborately constructed mask now says it has found a way to create a replicated face capable of unlocking Apple's latest and greatest biometric using a series of surreptitiously snagged photographs.
SEE ALSO: No one agrees on whether or not a dead body will unlock a smartphoneApple has copped to the fact that Face ID, for all its technical prowess, isn't perfect. It can be tricked by twins. For most people, however, that security threat is a nonexistent one. But what about masks? The Cupertino-based company assured customers that it had designed the biometric-powered safeguard with that attack in mind — yet the researchers at Bkav are here to rain on that particular parade.
"These materials and tools are casual for anyone."
They built a relatively inexpensive mask which, according to a blog post and video demonstration, was able to fool Face ID into unlocking.
"In this new experiment, Bkav used a 3D mask (which costs ~200 USD), made of stone powder, with glued 2D images of the eyes," researchers explained in a blog post. "Bkav experts found out that stone powder can replace paper tape (used in previous mask) to trick Face ID AI at higher scores. The eyes are printed infrared images — the same technology that Face ID itself uses to detect facial image. These materials and tools are casual for anyone."
To make matters worse, getting the data needed to construct the mask could be done without the target's knowledge, the researchers wrote — no elaborate face scans or up-close photographs required.
"Bkav researchers said that making 3D model is very simple," the blog post noted. "A person can be secretly taken photos of in just a few seconds when entering a room containing a pre-setup system of cameras located at different angles. Then, the photos will be processed by algorithms to make a 3D object."
Just how easy would it be for someone to pull this off in the real world? We reached out to Apple for comment, but received no response as of press time. We'll update this post when and if we hear back.
The researchers at Bkav, on the other hand, did get back to us, and their comments didn't inspire much confidence in Face ID's security.
"[When] targeting a person, [an attacker] can pre-install HD cameras of 3D scanning system in a meeting room or in an exhibition to secretly take photos of the target," explained a company spokesperson over email. "It takes only around 2s to get photos of the target’s face. Very fast."
As for making the mask itself? "[We] printed only one 3D mask, only one infrared image," the spokesperson noted. "We cut the eyes’ parts and pasted them on the mask, only one time. We succeeded at first try. There was no modification needed."
Should iPhone X owners be worried about this? Well, maybe. It's not like a common thief is going to go to the trouble of surreptitiously scanning your face before (or after) he's jacked your phone from you on your subway commute.
However, if someone wanted access to a specific something on your phone — and felt that it was worth the time and effort of building a mask — you might have a reason to be concerned. Although, of course, using an alphanumeric password in lieu of Face ID would negate that concern.
If anything, Bkav's findings are a reminder that no form of consumer biometric is infallible, and that as security improves, so do the tools and techniques hackers use to beat it.
This story has been updated to include additional comments from Bkav.
Topics Apple Cybersecurity iPhone
Is it 'Thunderbolts*' or *The New Avengers'?
The Plum Tree on West 83rd Street
The Enlightenment Is Like a Centaur—and We Must Kill It!
At the Newsstand, Chivalry Is Most Surely Not Dead
Best IPL deal: Save $80 on Braun IPL Silk·Expert
Souvenirs of a Life: Collages by John Ashbery & Guy Maddin
For Graduates: The Paris Review’s Commencement Gift Box
Beware the Mineshaft of Books
Time to Unite
Cuteness for Fun and Profit
Keeping Hope Alive
My Parents’ News Cleanse
Linda Rosenkrantz on Her Book “Talk,” Fifty Years Later
On James Wright’s “Lying in a Hammock...”
Ireland fines TikTok $600 million for sharing user data with China
“Tess of the D’Urbervilles” Saw Strange Forms of Censorship
Tough Cookies, and Other News
Looking for Van Gogh in Abandoned Coal Mines
Best Hydro Flask deal: Save $10 on a 24
Antoine Volodine on Writing Post
Key & Peele salute Obama with perfect final 'Anger Translator' sketchBBC morning show hosts introduce wrong guest live on airWho did this to this poor CES booth?Listen to the eerie sounds of Mars recorded by a NASA roverGorgeous iridescent umbrella tells you when it's supposed to rainNYPD responds to captain's absurd comments about rape and TinderCES 2017: SwagSurf is like a hoverboard for the oceanDell Canvas gives you Surface Studio abilities without the luxury price tagThis is what you look like from MarsDoes Donald Trump know the 'Great Wall' already exists?Apple's India woes continue, government denies giving any special tax concessionsIBM reveals new pride logo as a wave antiYou can take the subway, but you can't hide from Donald Trump's faceAn iceberg the size of Delaware is about to break off AntarcticaNews broadcast about Alexa ordering a dollhouse makes Alexas order dollhouses'A Monster Calls' featurette knows why you cry so much at the moviesThere's a room with a bunch of dudes watching VR porn at CESTrivial Pursuit may have gone a bit too hard on the 'find and replace' functionFlying give you 'the fear?' Here are the world's safest airlinesAlec Baldwin trolls Trump with Russian 2020 winter theater preview: Armie Hammer, Bobby Cannavale, and more Twitter turns a discriminatory hashtag (on a blank page) into LOLs Uber introduces 'favorite drivers' and new price displays for California users Walmart is now using robots to fulfill grocery orders My first self Apple will replace some iPhone batteries for free Ignore the claim that streaming Netflix ‘makes climate change worse’ 'The Crown' won't cover Prince Harry & Meghan Markle's latest developments Facebook redesign with dark mode rolls out for some users Glowing Facebook story pulled from Teen Vogue following serious WTFs All these new smartwatches crush the Apple Watch in one regard This smart scale from Kakao Friends is actually cute and nice Did you know you shouldn't feed ducks bread? These people didn't. Lizzo lends a hand packing hampers for people affected by Australia's bushfire crisis Crush your soul with these children's books rewritten for a Trump presidency NBA road teams are winning more because of dating apps. No, really. Samsung reveals how many Galaxy Fold phones it really sold, sort of Twitter will test reply limiting feature to beat back trolls Reddit bests Facebook by rolling out a superior deepfakes policy The best signs from Australia's climate protests amid bushfire crisis