Breaking into a locked iPhone X shouldn't ever be Moviesdescribed as simple, but according to a group of security researchers, that's exactly where we find ourselves.
The same Vietnamese team that managed to trick Face ID with an elaborately constructed mask now says it has found a way to create a replicated face capable of unlocking Apple's latest and greatest biometric using a series of surreptitiously snagged photographs.
SEE ALSO: No one agrees on whether or not a dead body will unlock a smartphoneApple has copped to the fact that Face ID, for all its technical prowess, isn't perfect. It can be tricked by twins. For most people, however, that security threat is a nonexistent one. But what about masks? The Cupertino-based company assured customers that it had designed the biometric-powered safeguard with that attack in mind — yet the researchers at Bkav are here to rain on that particular parade.
"These materials and tools are casual for anyone."
They built a relatively inexpensive mask which, according to a blog post and video demonstration, was able to fool Face ID into unlocking.
"In this new experiment, Bkav used a 3D mask (which costs ~200 USD), made of stone powder, with glued 2D images of the eyes," researchers explained in a blog post. "Bkav experts found out that stone powder can replace paper tape (used in previous mask) to trick Face ID AI at higher scores. The eyes are printed infrared images — the same technology that Face ID itself uses to detect facial image. These materials and tools are casual for anyone."
To make matters worse, getting the data needed to construct the mask could be done without the target's knowledge, the researchers wrote — no elaborate face scans or up-close photographs required.
"Bkav researchers said that making 3D model is very simple," the blog post noted. "A person can be secretly taken photos of in just a few seconds when entering a room containing a pre-setup system of cameras located at different angles. Then, the photos will be processed by algorithms to make a 3D object."
Just how easy would it be for someone to pull this off in the real world? We reached out to Apple for comment, but received no response as of press time. We'll update this post when and if we hear back.
The researchers at Bkav, on the other hand, did get back to us, and their comments didn't inspire much confidence in Face ID's security.
"[When] targeting a person, [an attacker] can pre-install HD cameras of 3D scanning system in a meeting room or in an exhibition to secretly take photos of the target," explained a company spokesperson over email. "It takes only around 2s to get photos of the target’s face. Very fast."
As for making the mask itself? "[We] printed only one 3D mask, only one infrared image," the spokesperson noted. "We cut the eyes’ parts and pasted them on the mask, only one time. We succeeded at first try. There was no modification needed."
Should iPhone X owners be worried about this? Well, maybe. It's not like a common thief is going to go to the trouble of surreptitiously scanning your face before (or after) he's jacked your phone from you on your subway commute.
However, if someone wanted access to a specific something on your phone — and felt that it was worth the time and effort of building a mask — you might have a reason to be concerned. Although, of course, using an alphanumeric password in lieu of Face ID would negate that concern.
If anything, Bkav's findings are a reminder that no form of consumer biometric is infallible, and that as security improves, so do the tools and techniques hackers use to beat it.
This story has been updated to include additional comments from Bkav.
Topics Apple Cybersecurity iPhone
Apple iPhone 17 Pro leaks highlight major new design change
Platypus milk aids fight against antibiotic resistance, report says
Rhino experts are not expecting to save threatened species with IVF
Wordle today: The answer and hints for April 1
Sabalenka vs. Svitolina 2025 livestream: Watch Madrid Open for free
AliExpress partners with PingPong to provide cross
Stephen Hawking got his voice from this man
Apple's new iPad Pro is coming in May, report claims
NYT Connections hints and answers for May 10: Tips to solve 'Connections' #699.
NYC Mayor Eric Adams has relied on new tech to solve his problems. It hasn't worked out.
How to Squeeze the Most Out of Your iPhone's Battery
Foxconn in talks with TSMC and TMH to build fabrication units in India · TechNode
China’s Great Wall Motors to enter Uzbekistan market · TechNode
DJI Air 3’s specifications leak · TechNode
CPU Price Watch: 9900K Incoming, Ryzen Cuts
TikTok is more mindfulness
UConn vs. Illinois basketball livestreams: How to watch live
Satellite images of Earth taken from an angle show the world in new beauty
How to Reboot and Reset Android Devices
Stephen Hawking got his voice from this man
Girls in India will receive solar lamps this International Women's Day for an important reasonEven in the White House, Trump can't escape Hillary ClintonThe CIA is interested in hacking your car, WikiLeaks claimsFor some reason, there's now a streaming service for Looney TunesBest headphones deal: Save over $20 on Soundcore P30i earbudsSmartphones are only a luxury if you have moneyCIA hack of Samsung TVs was named after a Doctor Who monsterGet ready to giggle, a lot, over Samsung's code name for the Note 8It appears Ryan Reynolds and Hugh Jackman can't stop trolling each otherInstagram rips off yet another feature from SnapchatInternet quickly turns GOP's Obamacare replacement plan into a memeThe internet is very upset about the mistake on Trump's green #MAGA hats11 times Emma Watson was the hero we all neededCiara's new maternity photoshoot is definitely extraordinaryBest headphones deal: Save over $20 on Soundcore P30i earbudsBest headphones deal: Save over $20 on Soundcore P30i earbudsEd Sheeran's 'Divide' has a billion YouTube views less than a week after its releaseEven Superman has terrible, horrible, no good, very bad daysIs that Bulbasaur on wheels? Nope, it's Volkswagen's new concept car.Trump still refuses to wear his tie correctly and tapes it down instead The government shutdown will keep SpaceX from testing the Falcon Heavy 25+ deals from Walmart's Super Spring Savings Week — Dyson, Switch, 4K TVs Tesla Model 3 'Ludicrous' will be more than just a speedier M3, new leaks show Starbucks is trialling a 5p charge on disposable coffee cups in London Amazon Big Spring Sale: The best outdoor security camera deals The new Park Service director once allowed chopping of protected trees Why is a smoking duck all over my timeline? Duke vs. JMU basketball livestreams: How to watch live '3 Body Problem' Season 2: The burning questions we have Instagram is limiting political content. Here's how to get around it. Samsung Galaxy smartphone deal: Get up to 17% off at Amazon 'Joker 2' might be a 'jukebox musical.' The internet had jokes and memes SDSU vs. Yale basketball livestreams: How to watch live Wordle today: The answer and hints for March 23 NYT's The Mini crossword answers for March 23 Without climate context, Trump's rhetoric about disasters rings hollow The $30 million Google Lunar XPrize will go unclaimed Swatting at mosquitoes might not be pointless after all NYT's The Mini crossword answers for March 24 Creighton vs. Oregon basketball livestreams: How to watch live