Barely ten days into the market, Apple's flagship smartphone, iPhone X' face recognition technology or the Face ID is being challenged by a cybersecurity firm, which claims to have fooled it.
Bkav, a Vietnamese cybersecurity firm, claims to have cracked the face recognition technology of iPhone X with the help of a mask which costs around $150.
Terming the technology as not an effective security measure, Ngo Tuan Anh, Bkav's vice president of Cyber Security, said, "The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool the AI of Face ID".
Bkav said that the experiment is a proof of concept and it claimed that in order to bypass the security measure even half of the face is enough to crack into the system. The Face ID recognises half the face and allows the user to unlock the phone. Thus, even half of the mask was enough to fool the AI, claims Bkav.
In fact, it also said that the fingerprint sensor which uses biometric security system is the better security measure as of now.
However, it said that though the smartphone's face recognition technology may have failed in the experiment; it may not be a problem for the common man. It, however, may be a concern for popular personalities such as world leaders, billionaires or celebrities.
Bkav had first started work on the hack on 5 November when it had received the phone. However, the security agency has not detailed the process of how they went about training the iPhone X with the original victim's face and then spoofed it with a 3D mask. According to Marc Rogers, a researcher at security firm Cloudflare, this experiment needs to be taken with a pinch of salt. According to Rogers, the Bkav staff could have potentially 'weakened' the phone's digital model by training it on the original victim's face with some features obscured.
The company released a video, in which a company staff member pulls off a cloth from a face mask which is placed in front of the iPhone X. The phone instantly unlocks when the mask is placed in front of it. The mask had sculpted silicone nose, two dimensional eyes and lips printed on paper which were mounted on a 3D printed plastic frame. The 3D frame was probably made from a digital scan of the victim's face.
Such sophisticated means to spoof the iPhone X Face ID means that regular iPhone X users would most likely not be the targets.
In another instance, Mashable had reportedly tested Face ID against identical twins. And Face ID was not able to distinguish between the two. But Apple has claimed in the past that in case of identical twins, it may be possible to fool the Face ID system, and that it is working on ensuring that issue is fixed.
Wired had also tried to fool the Face ID on the iPhone X using 3D face masks, but it did not succeed.