The iPhone X "Face ID" allows a user to safely unlock their phone and can be used to authenticate app purchases. The iPhone X with Face ID is designed to automatically adjust to changes in the user's appearance for specific scenarios like wearing cosmetics and facials.
In the launch event, Apple Senior Vice President Phil Schiller claimed that "Face ID" was capable of distinguishing a human’s real face from masks through its Artificial intelligence
These claims drew immediate attention from the hacker community. The competition was on to see who was going to fool the iPhone Face ID first. On Friday, November 10th a Vietnam based security company Bkav released a blog and video demonstrating how they had beaten Apple's iPhone X Face ID. The Apple X Face ID had been defeated within a week of the iPhone X release which implies it is not an effective security measure.
HOW THE HACK WORKED
Bkav hackers created a composite mask comprised of 3D printing, 2D images and some special arguments to fool the AI of Apple's Face ID.
The hack costs just $150. They used a 3D printer and the nose part designed by handmade artist, then other parts with @D printing. Again the skin is handmade to trick the Apple’s AI. The hack reveals that the recognition mechanism is not too strict, relying heavily on Face ID’s AI. The hack was accomplished with only a half of the face.
Watch the hack live here:. https://youtu.be/i4YQRLQVixM
WHO SHOULD WORRY
Potential targets shall not be regular iPhone users, but high net-worth individuals, leaders of major corporations & businesses, politicians, thought leaders, etc.
With this security hack, iPhones now join the world of insecure IoT devices on the networks we design and deploy.