Face ID cracked with an elaborate mask

Enrique, 28 November 2017

Face ID is certainly a unique feature for a phone because of the technology behind how it works. Based on the technology that Apple uses behind Face ID, Vietnamese cyber security research firm Bkav was able to crack Face ID for a second time using a more elaborate mask and about $150 in materials.

The researchers were able to fool Face ID with a 3D printed mask of the expert’s face made of stone powder. Infrared images of the person’s eyes were printed on paper and glued onto the facial model to trick the iPhone X’s infrared camera into thinking real eyes were looking at it. Pretty clever.

With the first mask, Bkav recommended that VIPs like National Leaders and high profile executives should be cautious about securing with Face ID. After these findings with the new, more elaborate mask, the same firm deems that Face ID is not “secure enough to be used in business transactions.” (i.e. Apple Pay).

The actual process of being able to achieve what this research firm has is still quite far-fetched. You’ll need access to special equipment and you’ll have to have a high-quality image of the person’s face (in addition to undisturbed access to the victim's device).

Otherwise, the model has to be *really* good. Good enough to fool the device within 5 attempts. After the 5th failed Face ID attempt, the phone prompts for a manual passcode.

Perhaps Apple can add an extra security measure that requires the user to blink while looking at the iPhone X before it will unlock. This feature was introduced in Android Jellybean and was called “liveness check”. It was still easily fooled but maybe Apple’s setup with IR cameras will make it much tougher to crack.



Reader comments

  • Anonymous
  • 30 Nov 2017
  • phh

Android used the camera to take 2D pictures of the user's face and compare it to the one saved in the system unlock. iPhone uses infra-red 3D mapping to scan a user's face and detect the full shape of the face in 3D. Android's picture unloc...

  • yee
  • 30 Nov 2017
  • n5D

why people are so fussed about this tech. android had very similar thing few years back and guess what. nobody uses it from people i know. sorted! If they want to have secure unlock they should use DNA sampler lol

  • thefuture
  • 29 Nov 2017
  • kaC

1)iris scanning 2)Fingerprint reader 3)face id

Popular articles


Popular devices

Electric Vehicles