Hackers Have Cracked The iPhone X's FaceID In Just One Week Using Just Face Masks
The system took all of just five days, and $150 to complete.
When Apple launched the iPhone X weeks ago, the company seemed to indicate that the FaceID unlock technology was the device¡¯s main selling point. Mapping your features with infrared dots, Apple even talked about making Hollywood-quality masks to test the system and it remaining secure. It turns out however, that wasn¡¯t exactly the best test of the technology¡¯s safety.
Security researchers at Bkav now say they¡¯ve managed to crack FaceID by using custom crafted face masks. However, instead of making photo realistic masks, the team instead focused on crafting masks to trick FaceID¡¯s depth-mapping technology.
Bkav
He team 3D printed their mask from a face model, as well as using flat images for certain things like the eyes. They also used a hand-crafted synthetic skin that they laid over the face, to mimic what the iPhone X¡¯s TrueDepth camera would see. As you can see, the technique worked flawlessly. But the question is, will iPhone X owners have to worry about thief being able to do this?
The hacker team say they didn¡¯t utilise any tricks to make their system work. They trained the iPhone from a real person¡¯s face, and only spent about $150 in supplies to create the mask (aside from what a basic 3D printer would cost). The team says it began working on the mask on November 5, meaning it took them about five days to end up with a false face capable of unlocking the iPhone X in one go.
Reuters
Of course, even the research team understand just how much of an effort this is for a common thief to get access to your phone. Just like with faking someone¡¯s fingerprint, it wouldn¡¯t make sense to go through this on a regular basis for average everyday people¡¯s iPhones. On the other hand, it¡¯s a technique that intelligence agencies could easily employ, assuming they have the data needed to build a model of a person¡¯s face.
More so, the project just attempts to show that using your face to log into a device is less about how secure it is and more about convenience. It¡¯s not the watertight security Apple claimed it is sure, but it¡¯s likely enough for you on a daily basis. However, if you plan on becoming a person of interest for the NSA, it¡¯s probably best not to store anything incriminating on your iPhone X.
ALSO READ: FaceID Is The iPhone X's Biggest Feature, Yet It Still Can't Tell Apart Identical Twins!