Incident 26: Hackers Break Apple Face ID

Description: Vietnamese security firm Bkav created an improved mask to bypass Apple's Face ID

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscover
Alleged: Apple developed and deployed an AI system, which harmed Apple and Device Owners.

Incident Stats

Incident ID
26
Report Count
24
Incident Date
2017-09-13
Editors
Sean McGregor

CSET Taxonomy Classifications

Taxonomy Details

Full Description

In November 2017, Vietnamese security firm Bkav bypassed Apple's Face ID authentication system by creating a mask made by using photos, stone powder, and 2D printed infrared images. Their experiment was designed to demonstrate the ease of unlocking, low cost (of about $200), and risk posed by using Face ID versus fingerprint-based Touch ID. This experiment provided further evidence from past claims made one month prior.

Short Description

Vietnamese security firm Bkav created an improved mask to bypass Apple's Face ID

Severity

Negligible

Harm Type

Harm to intangible property

AI System Description

1:1 matching facial recognition system to verify and grant access to Apple devices employing Face ID.

System Developer

Apple

Sector of Deployment

Information and communication

Relevant AI functions

Perception, Cognition, Action

AI Techniques

Deep learning

AI Applications

Facial recognition

Location

Vietnam

Named Entities

Apple, Bkav

Technology Purveyor

Bkav, Apple

Beginning Date

11-2017

Ending Date

11-2017

Near Miss

Unclear/unknown

Intent

Unclear

Lives Lost

No

Data Inputs

One billion training images, infrared facial scan of individual user

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents