The recently hyped phone on the market was the Apple iPhone X with its OLED display. This also meant that Apple has to integrate Face ID which replaced the Touch ID fingerprint recognition system on the iPhone X.
Apple had assured its users that their Face ID was safe and secure, which was proved wrong by a security firm in Vietnam.
Security firm Bkav has managed to trick the iPhone X’s Face ID with an artificial mask.
Using a composite 3D-printed mask, a team of Vietnamese researchers claims to have fooled Apple’s Face ID authentication system in “super-premium” iPhone X, stressing that face recognition is “not mature enough” to guarantee security for smartphones. Using a 3D printer, the team at Vietnamese security firm Bkav created a mask that cost them $150.
“Nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition nine years ago). The skin was also hand-made to trick Apple’s Artificial Intelligence,” Bkav said in a blog post.
“The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID,” said Ngo Tuan Anh, Bkav’s Vice President of Cyber Security.
The Bkav security experts who also posted a video on how they did this, said that Face ID can be fooled by a mask, which means it is not an effective security measure.
In 2008, Bkav was the first company in the world to show that face recognition was not an effective security measure for laptops when Toshiba, Lenovo, and Asus used this technology for their products.
Face ID projects more than 30,000 invisible IR dots and claims to only unlock iPhone X when customers look at it and are designed to prevent spoofing by photos or masks.
Apple’s Face ID technology uses a TrueDepth camera system made up of a dot projector, infrared camera, and flood illuminator, and is powered by A11 Bionic to accurately map and recognize a face.
According to the firm, the recognition mechanism is not as strict as one thinks and Apple seems to rely too much on Face ID’s AI.
“We just need half a face to create the mask. It was even simpler than we ourselves had thought,” Bkav said.
According to the firm, if exploited, Face ID can create problems.
“Potential targets shall not be regular users, but billionaires, leaders of major corporations, national leaders and agents like FBI need to understand the Face ID’s issue.
“Security units’ competitors, commercial rivals of corporations, and even nations might benefit from our Proof of Concept,” Bkav noted.
As for biometric security, the fingerprint is the best, said the firm which discovered the first critical flaw in Google Chrome just days after its launch in 2008.
The researchers maintain that they didn’t have to ‘cheat’ to make this work. The iPhone X was trained from a real person’s face, and it only required roughly $150 in supplies (not including the off-the-shelf 3D printer). The demo shows Face ID working in one try, too, although it’s not clear how many false starts Bkav had before producing a mask that worked smoothly. The company says it started working on the mask on November 5th, so the completed project took about 5 days.
Post Your Comments