Back when Apple unveiled the iPhone X, Phil Schiller emphasized that the company had worked with professional mask makers and Hollywood makeup artists to ensure Face ID couldn’t be tricked. But less than a week after the phone was released, Vietnamese cybersecurity firm Bkav claims to have duplicated a user’s facial features and used them to unlock a handset.
The company released a blog post and video explaining how it used a mixture of 3D-printing, plastic, silicone, makeup, and paper cutouts to create the creepy looking mask, which supposedly tricked the iPhone X’s facial recognition security tech. There’s some "special processing done on the cheeks and around the face," but creating the mask costs just $150.
This is all just a proof-of-concept right now, so it shouldn’t be too much of a concern for your average iPhone X owner, though Bkav says it proves the system isn’t as secure as Apple would have you believe.
The technique also requires accurate measurements or a facial scan of the person whose face is being recreated, so it’s not an easy hack to pull off, though Bkav said future versions of its system could use a smartphone with 3D scanning capabilities, such as the Sony Xperia XZ1, to capture images of victims’ faces. It might also be possible to create models from just photographs.
"Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders, and agents like FBI need to understand the Face ID's issue," writes Bkav.
Not much else has been revealed about the technique or how it managed to beat the system after so many attempts by others have failed, leading some skeptics to question its authenticity. But Bkav does have a history of finding ways to fool facial recognition tech, so this could the first instance of Face ID being tricked without the use of a twin.