advertisement
Using a composite 3D-printed mask, a team of Vietnamese researchers claim to have fooled Apple's Face ID authentication system in "super-premium" iPhone X, stressing that face recognition is "not mature enough" to guarantee security for smartphones.
At iPhone X launch event, Apple's Senior Vice President Phil Schiller had claimed that Face ID can distinguish human's real face from masks, thanks to its artificial intelligence (AI).
Using a 3D printer, the team at Vietnamese security firm Bkav created a mask that cost them $150.
"The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID," said Ngo Tuan Anh, Bkav's Vice President of Cyber Security.
The Bkav security experts who also posted a video on how they did this, said that Face ID can be fooled by mask, which means it is not an effective security measure.
In 2008, Bkav was the first company in the world to show that face recognition was not an effective security measure for laptops when Toshiba, Lenovo and Asus used this technology for their products.
"Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it," the firms said on its FAQ page.
Face ID projects more than 30,000 invisible IR dots and claims to only unlock the iPhone X when customers look at it and is designed to prevent spoofing by photos or masks.
Apple's Face ID technology uses a TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator, and is powered by A11 Bionic to accurately map and recognise a face.
According to the firm, the recognition mechanism is not as strict as one thinks and Apple seems to rely too much on Face ID's AI.
According to the firm, if exploited, Face ID can create problems.
"Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID's issue.”
As for biometric security, fingerprint is the best, said the firm which discovered the first critical flaw in Google Chrome just days after its launch in 2008.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)