Associated Incidents
Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f82967%2f7e1f7535 a028 4885 9984 973f49d6cd0c More
There is no such thing as foolproof phone security.
Case in point: Security researchers at Bkav have reportedly defeated the iPhone X's Face ID feature using a simply-constructed 3D mask.
The average person probably doesn't need to worry about the purported hack, but billionaires, celebrities, and high-profile public figures like presidents may want to rethink their use of Apple's nascent facial recognition technology.
SEE ALSO: If you own an iPhone X, you absolutely need to know this gesture trick
Apple is trying to convince people Face ID is more secure than its Touch ID fingerprint sensor, which is still used in the iPhone 8 in addition to earlier models. But stories about weak spots (especially if you've got a twin or you're a kid) keep popping up.
While Apple acknowledges that Face ID isn't hack-proof, the company says it's built the face recognition technology to have 1 in a million chance of somebody else unlocking your iPhone X compared to the 1 in 50,000 chance using Touch ID.
Not only that, but Apple says it worked with Hollywood makeup artists and mask makers to ensure that elaborate masks couldn't be used to bypass a person's iPhone X.
Before Bkav, a security firm, released its results, others have tried to trick Face ID using detailed masks and failed. The Wall Street Journal's Joanna Stern had a mold of her face made by a professional prosthetic company and, sure enough, her iPhone X wouldn't unlock when a colleague donned her fake face. Wired's David Pierce also attempted a much more detailed recreation of his face using a variety of different materials, but also failed to trick Face ID.
Bkav's rudimentary mask, though, tripped up the feature. The mask, which you can see below, included a 3D-printed face with 2D-printed eyes and lips and a 3D nose constructed of silicone. Mashable has reached out to Apple for comment on the hack.
If this hack looks basic, that's because it is — at least on the surface. Bkav says the crude mask only cost about $150 to make.
Rich and famous more at risk
That may sound really scary, but this hack won't affect most people.
For starters, the lengths one must go through — it took about a week for Bkav to create a mask that successfully tricked the iPhone X — isn't worth it in most cases.
Then there's the matter of getting scans of your eyes and mouth. According to Wired, Bkav's researchers need to manually scan a person's face for five minutes before getting enough detail to reconstruct a false mask.
Additionally, the silicon nose needs to be made by hand. An initial version of the nose reportedly didn't work and needed to be modified to deceive the iPhone X's TrueDepth cameras and built-in AI.
Though similar facial recognition unlocking technology on Samsung's Galaxy S8 and Note 8 phones is much easier to bypass (in some cases, it can be fooled by a picture), the alternative and more secure iris scanner built into these phones is much more difficult to hack, requiring very specific printers and contact lenses.
All things considered, Bkav's researchers say billionaires, celebrities and public figures, who will have their faces photographed and widely published could be easier targets for its hacks. With enough effort, a skilled craftsman could reconstruct a mask similar to the one Bkav made using lots of photographs.
Story continues