Research

Hackers Claim to Defeat iPhone X 'Face ID' Authentication

Hackers Claim to Defeat iPhone X 'Face ID' Authentication

Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn't - trick the phone's facial recognition software. How? Facial recognition has shown its pitfalls in the past, with hackers tricking security by putting a photo over the camera. The cybersecurity firm did stress that "billionaires, leaders of major corporations, nation leaders and agents like FBI" need to be aware of the problem. The system relies on artificial intelligence.

As shown in the video below, Bkav claims to have pulled this off using a consumer-level 3D printer, a hand-sculpted nose, normal 2D printing and a custom skin surface created to trick the system, all for a total cost of US$150. It's not impossible, but that's an impressive amount of hurdles to jump in a short amount of time without using a password, as BKAV claimed.

These users might want to take extra steps beyond Face ID if they want their device fully protected. It's not a big deal for your evil twin brother or sister to use their face to unlock your iPhone X.

The composite mask (made of 3D printed plastic and make-up) was able to unlock an iPhone locked with Face ID, the researchers said. Now, Bkav says that its 3D printed mask proves that Apple's new Face ID is "not an effective security measure".

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication.




The iPhone X has been a little bit of a let down for some users who saved up big and waited in line long for Apple's latest smartphone. Instead, they focused only on specific spots of the mask to trick the depth-mapping technology. That's because Face ID has the same timeouts as Apple's Touch ID feature.

According to the company's website, in 2008 Bkav discovered the first critical flaw in Google Chrome soon after it launched, making it the first company to discover just how vulnerable facial recognition can be when used as a log-in on laptops and other devices. Face ID is even attention-aware. FaceTec, a San Diego based software start-up, has also demonstrated that if iPhone X users fall asleep, then their faces can still be used to unlock their handsets.

Ultimately, the company thinks this probably means that regular iPhone X users aren't at a high risk of having their phone hacked into by mischievous intruders armed with 3D printers and fake noses. "This seems like an unlikely sequence of events", Norris said.

To create their mask, they didn't use just one material, like silicone, but merged different techniques. They offered some details about the mask, saying that a handmade artist developed the nose.


  • Taylor Swift's 'Reputation' Sells 717000 Copies in U.S.  on its First Day

    Taylor Swift's 'Reputation' Sells 717000 Copies in U.S. on its First Day

    With " Call It What You Want ", Swift ditched the choreography and sat down with her guitar. Sure, Taylor , we believe you.
    Norman Park students salute local veterans

    Norman Park students salute local veterans

    One teacher said that while students honor our heroes, they also learn about why honoring our veterans is so important. One by one each veterans name was read aloud, along with the years served and branch of military.
    Target selling fidget spinners with high levels of lead

    Target selling fidget spinners with high levels of lead

    Traces of lead may end up inside a child's body when fingers are transferred from a fidget spinner to a child's mouth or food. The center circle in the Fidget Wild Premium Spinner Metal contained 1,000 parts per million of lead, according to MASSPIRG.
  • Hasbro Reportedly Offers to Buy Mattel

    Hasbro Reportedly Offers to Buy Mattel

    Mattel and Hasbro have held talks a number of times in the past, including as long ago as 1996 and as recently as late in 2015. It blamed some of the decline on the recent bankruptcy filing of retailer Toys R Us Inc.
    Tennessee parts ways with head coach Butch Jones

    Tennessee parts ways with head coach Butch Jones

    Athletic director John Currie confirmed Jones was "asked to step down" during a meeting between the two Sunday morning. Coming off a 50-17 loss to Missouri on Saturday, UT has chose to part ways with Jones after four-plus seasons.
    Autonomous shuttle test in Las Vegas has crash on first day

    Autonomous shuttle test in Las Vegas has crash on first day

    Testing of the shuttle will continue during the 12-month pilot in the downtown Innovation District . This shuttle bus can transport up to 15 people and was aimed to be used on the city's famous strip.
  • Brakes on odd-even in Delhi as NGT rejects exemptions

    Brakes on odd-even in Delhi as NGT rejects exemptions

    To this, the Delhi Government stated that this couldn't be said as of now. "The odd-even will go on". It also directed the Delhi government to ban on the construction works that are going in the city.

    Twitter doubles display name character count to 50

    In September, the social media site tested the new character limit with some select users, namely high-profile accounts. Now, the company has announced that there are now more than twice as many characters to play with.
    Brother of Lakers Guard Lonzo Ball Arrested in Hangzhou

    Brother of Lakers Guard Lonzo Ball Arrested in Hangzhou

    Chinese authorities have up to 37 days before deciding whether to obtain official approval for an arrest, said Margaret K. An unnamed source told ESPN that police came to the team hotel early Tuesday morning to apprehend the student-athletes.
  • Saudi Blockade on Yemen may Result in Worst Famine in Decades

    Saudi Blockade on Yemen may Result in Worst Famine in Decades

    Saudi Arabia has blamed the Iran-allied Houthis for firing a ballistic missile towards Riyadh airport on November 4. A number of houses were also reportedly damaged in the strike.
    Alabama, Clemson, Georgia, Notre Dame aides on Broyles list

    Alabama, Clemson, Georgia, Notre Dame aides on Broyles list

    Realistically the playoff is wide open for any undefeated and one-loss teams at this point. The college football schedule for Week 11 of the 2017 season features three Top 10 vs.
    How To Get Verified On Twitter? You Can't As Company Reviews Policy

    How To Get Verified On Twitter? You Can't As Company Reviews Policy

    Twitter is halting its system for verifying users' identity, saying that the process has become "broken" and in need of fix . Who do you value more, users like me or him? "Looks like it was payback time", he wrote, according to reports.