Hackers say they've already broken iPhone's Face ID

Hackers say they've already broken iPhone's Face ID

Since the debut of iPhone X and its facial recognition-based authentication system, Face ID, one of the biggest worries has been how easy it will be to hack around it—“it” being your face, which any criminal could just slice off then place over their own, allowing them to see all the embarrassing “Book Ideas” you’ve been writing in Notes. But now there’s some reassuring news from the Vietnamese security firm Bkav, which claims that it was able to break into Face ID using nothing more than a composite mask made of 3-D and 2-D parts and a little bit of trial and error. At last, Apple can now proudly guarantee that your face won’t be cut off, probably.

Bkav released a video detailing its face-saving process, in which it claims to have unlocked the iPhone by taking a digital scan of a colleague, 3-D-printing a replica of the frame of his face, then outfitting it with a silicone nose and some relatively crude photo cutouts of his eyes and lips. While some others have already gone to more elaborate lengths to try tricking Face ID—for example, Wired says it spent “thousands of dollars” on hiring a special effects artist to make full, Hollywood-caliber masks with genuine eye movement and real, threaded hair—Bkav says it only dropped about $150, and it left most of its mask wrapped in naked white plaster.

On the other hand, this method wasn’t exactly as easy as the 90-second clip makes it seem. Bkav’s technique required taking a detailed, five-minute manual scan of the subject’s face, then hiring an artist to sculpt the fake nose and create the mask, a process that failed at least four times before it finally got it right. And although it’s troubling that Face ID appears to work even with flat, lifeless eyes—meaning hackers could potentially unlock the phone of someone who’s sleeping, incapacitated, or dead, or just up on current events—even Bkav acknowledges that the overall process would be incredibly time-consuming and require a lot of technical knowledge. (On the other hand, it would finally give you a reason to use that 3-D printer you bought.)

Given all that, Bkav concludes that this particular hacking method would really only be a plausible threat for “billionaires, leaders of major corporations, nation leaders, and agents like FBI” whose phones might actually be worth the elaborate heist-level of effort involved. So it seems the rest of us ordinary schlubs will just have to go back to worrying about thieves carving off our faces—or just making us look at our phones.

 
Join the discussion...