When the iPhone X debuted, people were endlessly fascinated by the facial recognition software that allows you to unlock your phone using only a glance. Apple touted the new software as being extremely secure. However, a Vietnamese cybersecurity firm called Bkav has just released a video on YouTube showing that the security system can be cracked with well-made masks. While twins have been able to trick the phones and "hack" their way past the lock, this is the first time masks have successfully broken through the facial recognition software.
By matching the specific facial areas the iPhone X scans when "deciding" whether or not to unlock, Bkav was able to fool the phone into thinking it was seeing a person. The mask, however, requires a lot of detail: a 3D printed frame, silicon nose, and photographic recreations of the eyes and mouth.
So it means if someone wants to open an iPhone, he needs to kidnap him/her, create a mask from his/her face, instead of just holding it in front of them! I think those behind these tests are indeed stupid not genius!— Baback Ashtari (@BabackAshtari) November 19, 2017
I’ll have to remember not to carry a plaster cast if my face around with me to stop a mugger or thief accessing my personal info. Thanks for the heads up.— Suggymoto (@Suggymoto) November 19, 2017
If someone wants to go through the trouble of creating a mask of my face and get my phone from me then they deserve what little they could steal from me. I think I’ll not worry about this one.— Nate Ardle (@NateArdle) November 19, 2017
This research is too vague and this kind of hack is useless if you need the owner of the phone involved.— Phoenix (@PhoenixFieryn) November 19, 2017
During the iPhone X introduction event, Phil Schiller said the phone's engineers had worked with professional mask-makers from Hollywood so the new product would recognize the difference between a real face and a false one. While he admitted no biometric system was without flaw, he also pointed out that only about 1 in 1,000,000 faces would be able to randomly trick a stranger's phone.
If someone wants to go through all that effort, they deserve to unlock my phone. All power to them.— Chris L (@clang823) November 19, 2017