How hackers say they’ve outsmarted iPhone X’s Face ID

|
How hackers say they’ve outsmarted iPhone X’s Face ID
Image Credit: Dreamstime
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Advertisement

Apple’s new iPhone X has been hailed as the greatest — and at a starting price of $999, the most expensive — smartphone ever created. Adding to its status is Apple’s Face ID technology, which revolutionizes the authentication process using facial recognition.

But after just two weeks on the market, there have been reports of some pretty high-profile hacks of Face ID. The most prominent is Bkav, a Vietnamese security company that posted a story on its blog Friday with a video purportedly showing how they fooled Face ID.

This is how hackers say they’ve cracked Face ID on the iPhone X

The way they appear to have done it — with a 3D-printed mask made of silicone, makeup and paper cutouts— has drawn some scrutiny from people on the internet.

Some critics say the video never shows whether Face ID has already been taught to recognize the mask. Others said the proper methodology for the experiment would have been to show the smartphone scan and recognize the owner’s face then show it scan the mask to unlock it.

Blav said they were tipped off about the smartphone’s vulnerabilities at the iPhone X launch event in September, when Apple’s CEO said that the company incorporated artificial intelligence into the phone’s security while working with professional makeup artists and mask makers in Hollywood to make sure they couldn’t beat Face ID.

On Wednesday, Bkav updated its original statement, backing up its claim that it indeed cracked Face ID. The firm’s vice president of cyber security, Ngo Tuan Anh, said this: “[The] Achilles’ heel here is Apple let AI [artificial intelligence technology] at the same time learn a lot of real faces and masks made by Hollywood’s and artists. In that way, Apple’s AI can only distinguish either a 100% real face or a 100% fake one. So if you create a ‘half-real half-fake’ face, it can fool Apple’s AI.”

For its part, Apple, which is seeing strong sales of the iPhone X since its November 2 debut, acknowledges that Face ID will have some false positives. In its Face ID security guide, the company says that young children and twins will especially give its facial recognition technology fits.

“The probability that a random person [in] the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID),” the Apple guide says.

“The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial Face ID Security features may not have fully developed,” the guide says. “For additional protection, Face ID allows only five unsuccessful match attempts before a passcode is required to obtain access to your iPhone.”

Still, the Vietnam security firm said Face ID had “foreseeable” weaknesses before it was released.

Meanwhile, a 10-year-old boy on Staten Island in New York is said to have unlocked his mother’s iPhone X in a matter of seconds, according to Wired.  “There’s no way you’re getting access to this phone,” the father remembers his wife telling her son, the website reports.

“It was funny at first,” the dad, Attaullah Malik, told Wired. “But it wasn’t really funny afterward. My wife and I text all the time and there might be something we don’t want him to see. Now my wife has to delete her texts when there’s something she doesn’t want Ammar to look at.”

In a video the family posted on Youtube, fifth-grader Ammar Malik unlocks the phone in less than 2 seconds, saying, “Tada! It’s unlocked.”

So, basically is Face ID smarter than a fifth-grader? Apple’s Face ID security guide says the technology is air-tight security-wise. In its Face ID security guide, the company says, “If you’re concerned about this [a false match], we recommend using a passcode to authenticate.”

RELATED: 14 ways to beef up security on your smartphone

Advertisement
Author placeholder image About the author:
  • Show Comments Hide Comments