iPhone X Face ID fooled again by 'evil twin' mask

Apple's facial-recog tech 'not secure enough for business', claim researchers

Video Security researchers have once again claimed a simple mask can hoodwink Apple's Face ID authentication system, which graces the tech giant's $1,000 iPhone X.

Earlier this month, bods at Bkav, based in Vietnam, demonstrated it was possible to bypass the face-recognizing login mechanism using a $150 3D-printed mask, effectively allowing a stranger to unlock a victim's handset.

However, it wasn't that practical, as it took up to ten hours and fiddling with the mask's silicone nose to fool the Face ID software. Now, this week, we're told the crew has dramatically improved their technique.




For their latest approach, another 3D mask was created, this time made out of stone powder that more closely imitates human skin. Then 2D-printed pictures of the phone owner's eyes, designed to trick Face ID's infrared sensors, were pasted on, and managed to unlock an iPhone X, set on the highest security setting, in one try, it is claimed.

"About 2 weeks ago, we recommended that only very important people such as national leaders, large corporation leaders, billionaires, etc. should be cautious when using Face ID," said Ngo Tuan Anh, Bkav's veep of cyber security.

"However, with this research result, we have to raise the severity level to every casual user: Face ID is not secure enough to be used in business transactions."

Here's the outfit's video illustrating the latest technique:

Youtube Video

Apple staff joked that the Face ID system could be used to unlock the handset if the owner had an evil twin. After the success of their refined mask design, the Bkav team has dubbed the attack the "evil twin" method.

You may think getting an accurate 3D scan of a target's face would be hard. However, the Bkav team simply set up a few cameras in a room, snapped the target as they entered, and then stitched the pictures together to make a 3D composite using software.

"Security should approximate to absolute, and AI should only be a supplement, not the sole security base for Face ID like the way Apple is working on," said Nguyen Tu Quang, Bkav's CEO.

"AI, in any way, is now still human-made and it does at its best based on the experience of its creators and trainers, here is Apple. Thus, anyone who is more experienced than the creator can bypass it."

The team suggested that fingerprints are still the safest way to protect your phone. We also suggest long passcodes. Sadly, payers of the Cupertino idiot tax with the new handset don’t get that fingerprint option, so passcode it is for the moment. ®

PS: As some of you may have spotted, Bkav also makes a smartphone, making it an Apple rival bashing Apple. However, it argues it is primarily a "cyber security firm," and has pointed out vulnerabilities in Samsung handhelds and Google Chrome, as well as being critical of eye-scanning authentication systems since 2008, before it decided to tout its own mobe.


Biting the hand that feeds IT © 1998–2022