Facebook Twitter Google Plus Vimeo Youtube Feed Feedburner

ROS LBoard 1

Vietnamese researcher shows iPhone X face ID ‘hack’

 | November 14, 2017

Ngo Tuan Anh, Bkav’s vice president, acknowledged that preparing the mask wasn’t easy, but he said he believed the demonstration showed facial recognition as a way to authenticate users would be risky for some.

iphone-xHANOI: A researcher in Vietnam has demonstrated how he apparently fooled Apple Inc’s face recognition ID software on its new iPhone X using a mask made with a 3D printer, silicone and paper tape.

An announcement on Friday by Bkav, a Vietnamese cybersecurity firm, that it had cracked Apple’s Face ID, and a subsequent video apparently showing an iPhone being unlocked when pointed at a mask, were greeted with some skepticism.

iphone-hack

A 3D mask and an iPhone X are seen during a demonstration of recognition ID at the office of Bkav, a Vietnamese cybersecurity firm in Hanoi, Vietnam November 14, 2017. REUTERS/Kham

Ngo Tuan Anh, Bkav’s vice president, gave Reuters several demonstrations, first unlocking the phone with his face and then by using the mask. It appeared to work each time.

However, he declined to register a user ID and the mask on the phone from scratch because, he said, the iPhone and mask need to be placed at very specific angles, and the mask to be refined, a process he said could take up to nine hours.

Apple declined to comment, referring journalists to a page on its website that explains how Face ID works.

That page says the probability of a random person unlocking another user’s phone with their face was approximately 1-in-a-million, compared to 1-in-50,000 for the previously used fingerprint scanner. It also says Face ID allows only five unsuccessful match attempts before a passcode is required.

Anh acknowledged that preparing the mask wasn’t easy, but he said he believed the demonstration showed facial recognition as a way to authenticate users would be risky for some.

iphone-hack2

Ngo Tuan Anh, Vice President of Bkav, a Vietnamese cybersecurity firm, demonstrates iPhone X Apple’s face recognition ID software with a 3D mask at his office in Hanoi, Vietnam November 14, 2017. REUTERS/Kham

“It’s not easy for normal people to do what we do here, but it’s a concern for people in the security sector and important people like politicians or heads of corporations,” he said.

“(These) important people should absolutely not lend their iPhone X to anyone if they have activated the Face ID function.”

It’s the first reported case of researchers apparently being able to fool the Face ID software.

Cybersecurity experts said the issue was not so much whether Face ID could be hacked, but how much effort a hack required.

“Nothing is 100% secure,” wrote Terry Ray, chief technology officer at US-based cybersecurity company Imperva, in a note. “Where there’s a will, there’s a way. The questions are: How much trouble would someone go to, and how much would they spend, to get your data?”

Bkav’s Anh said the research took about a week, and included numerous failures. The mask frame was made of plastic, covered with paper tape to resemble skin, with a silicone nose and paper for eyes and mouth.

As far back as 2009, Bkav researchers highlighted what they said were problems with using facial recognition as a way to authenticate users. They said then that they had hacked three laptop manufacturers which used webcams to authenticate users.


Comments

Readers are required to have a valid Facebook account to comment on this story. We welcome your opinions to allow a healthy debate. We want our readers to be responsible while commenting and to consider how their views could be received by others. Please be polite and do not use swear words or crude or sexual language or defamatory words. FMT also holds the right to remove comments that violate the letter or spirit of the general commenting rules.

The views expressed in the contents are those of our users and do not necessarily reflect the views of FMT.

Comments