iPhone X’s Face ID keeps getting tricked.
As pointed out by Forbes, researchers at the Vietnamese security firm Bkav have found another way to bypass Apple’s facial recognition system. The team, which pulled off a similar hack earlier this month, was able to replicate a face using a series of photos, stone powder, and 2D printed eyes. The researchers call the mask "the artificial twin."
"Bkav experts found out that stone powder can replace paper tape (used in previous mask) to trick Face ID' AI at higher scores," Bkav wrote in a blog post. "The eyes are printed infrared images—the same technology that Face ID itself uses to detect facial image. These materials and tools are casual for anyone. An iPhone X has its highest security options enabled, then has the owner's face enrolled to set up Face ID, then is immediately put in front of the mask, iPhone X is unlocked immediately. There is absolutely no learning of Face ID with the new mask in this experiment."
You might be thinking: How can anyone get a proper scan of my face without my knowledge? Bkav claims it’s easier than many of think. Researchers said all they have to do is set up a series of concealed cameras in a room.
"For example, if you are standing in the middle of booth, it will take photos of you at different angles in just two seconds. And we take an infrared image of your face," a Bkav spokesperson told Forbes. "Then, we will make 3D object of your face from the photos... Then, with the 3D object, we use a 3D printer, using stone powder as material, to print the twin mask of your face. It will be the original mask by the printer, no modification is needed." All in all it cost about $200 to make the mask.
You can check out the hack above.
Since the iPhone X was released, many people have discovered ways to fool the security feature. Twins and children have successfully unlocked phones using less elaborate methods than Bkav’s, which has made more and more users skeptical.
Though no security feature is 100 percent foolproof, the firm insists the Touch ID is a much safer option, as it’s more difficult to collect fingerprints than it is to take photos of someone’s face.