Advertisement

Vietnamese Firm Bkav Claims to Have Beaten Apple Face ID With an Elaborate Mask

Vietnamese Firm Bkav Claims to Have Beaten Apple Face ID With an Elaborate Mask
From Gizmodo - November 12, 2017

Apples new Face ID security for the iPhone X has sparked a number of concerns, with the biggest being how secure the biometric system really is. The tech giant says that while the facial recognition system is intended for convenience rather than absolute security, its less vulnerable than its Touch ID predecessorthough testing has shown that the system generally works, but has a number of faults and unexpected behaviors.

Heres yet another wrinkle for Face ID: Researchers at Vietnamese firm Bkav claim to have been able to defeat the iPhone Xs facial recognition with an elaborate mask made from a combination of 2D and 3D parts. In a video released this weekend, Bkav researchers showed off how the specially constructed face was able to unlock a brand-new device. According to Bkav, their proof of concept was performed without training their iPhone X to recognize components of the mask, just a team members face.

The company didnt specify how many attempts it took them to get past Apples security, but they did write it cost around $150 for parts not including a 3D printer. Without clearer video or seeing the experiment replicated, its tough to know whether its a genuine break-in.

But assuming Bkavs method really works as advertised, would this be a major security issue for casual users? Probably not. As Bkav explained in their blog post, It is quite hard to make the correct mask without certain knowledge of security. We were able to trick Apples AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it. For example, in addition to relying on 2D and 3D printed parts, Bkav also had to recruit an artist to construct the masks nose by hand. They added the process began right after receiving [the] iPhone X on Nov 5, suggesting it was a complicated effort that took many iterations to achieve the desired result.

As Engadget reported, this is somewhat similar to when European hacker association Chaos Computer Club used a labor-intensive process requiring 2400 DPI photographs of a users finger and a latex print to fool fingerprint recognition in 2013. Bkavs elaborate Face ID workaround is quite complicated compared to that, which bolsters Apples claims the new system is more secure than Touch ID.

Advertisement

Continue reading at Gizmodo »