Notebookcheck Logo

Face ID tricked using a mask

The mask that turned Face ID into Farce ID (Source: Bkav Corp on YouTube)
The mask that tricked Face ID (Source: Bkav Corp on YouTube)
A Vietnamese security firm managed to trick Apple's Face ID into unlocking the new iPhone X with the help of a custom mask that was created for a cost of around US$150. Perfecting the whole process took them about a week.

Those who got the iPhone X thinking that the Face ID technology is a big step ahead from Apple's fingerprint scanner known as Touch ID should rethink that, considering the recent achievement of a Vietnamese security company known as Bkav Corporation. Leaving the details aside, the entire story is about Apple's Face ID being turned into Farce ID with the help of a mask that was made with a budget limited to just US$150.

The Apple iPhone X arrived on November 3, and it took less than two weeks for the first hacking team to crack this form of authentication. While most believed that achieveing this would require a more costly approach, in the end it only took Bkav Corporation a US$150 composite mask to trick the flagship into unlocking. Funny enough, Wired spent thousands to create full masks using five different materials and none of them managed to trick Apple's Face ID.

The entire ordeal has been filmed and posted on YouTube, although other security researchers still have to confirm it. Bkav Corporation created its mask using a 3D-printed frame, a silicone nose, 2D printed images for the eyes and the mouth of the user, all combined with "some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID."

Back in 2008, Bkav was the first security firm to prove that face recognition is not a secure authentication method for laptops. In the same year, this Vietnamese company was also the one to reveal the first critical flaw in Google Chrome in just a few days after its launch. One year later, they traced the master UK server that was used to carry the DDoS attacks that targeted the US and Korean governmental websites in July.

According to Bkav, fingerprint scanning is the safest security measure to use nowadays. On the other hand, they also highlighted that it is highly unlikely for regular users to be targeted by such an attack, unless they are billionaires, nation leaders, intelligence officers, and other categories of people who might carry extremely valuable data on their handsets.


static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Codrut Nistor, 2017-11-13 (Update: 2017-11-13)