Security researchers appear to have already beaten Apple's new Face ID security on its new, expensive iPhone X using an elaborate, 3D-printed mask. On Friday, 10 November, researchers at Vietnamese security firm Bkav released a report and a video claiming to have cracked the company's new facial recognition technology, which replaced the fingerprint scanner in the iPhone's iconic Home button as a security mechanism.
At the iPhone X launch event, Apple's senior vice president of worldwide marketing Phil Schiller had said, "Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against attempts to beat Face ID. These are actual masks used by the engineering team to train the neural network to protect against them in Face ID."
Bkav, however, claimed to have bypassed the Face ID technology using a mask that features both 2D and 3D components, including 3D printed plastic, a silicone nose, makeup and paper cutouts. The proof-of-concept has yet to be publicly confirmed by other security researchers.
However, the claim does raise security concerns given that the mask reportedly cost about $150 (£114) to create.
"It is quite hard to make the 'correct' mask without certain knowledge of security. We were able to trick Apple's AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it," Bkav researchers wrote. "Many people in the world have tried different kinds of masks but all failed."
The researchers had an artist make the silicone nose for the mask by hand. After receiving the iPhone X on 5 November, the researchers immediately began working on the mask "using 3D models and other assets", which seems to suggest the process took multiple tries and rounds of testing to get right.
"The mask is crafted by combining 3D printing with makeup and 2D images of eyes and lips, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool the AI of Face ID," Ngo Tuan Anh, Bkav's vice president of cybersecurity, said in a statement.
In the video, one of Bkav's staff members lifts a piece of cloth off a mounted mask facing an iPhone X on a stand. Once the mask is unveiled, the iPhone immediately unlocks. Bkav has yet to release the technical details of the proof-of-concept.
"Potential targets shall not be regular users, but billionaires, leaders of major corporations, nations' leaders, and agents like FBI need to understand the Face ID's issue," the company's researchers said. "Security units' competitors, commercial rivals of corporations, and even nations might benefit from our PoC."
The security firm previously demonstrated in 2008 that the facial recognition-based authentication in laptops from Lenovo, Toshiba and Asus could be cracked as well.
"So, after nearly 10 years of development, face recognition is not mature enough to guarantee security for computers and smartphones," Bkav said.
IBTimes UK has reached out to Bkav and Apple for comment and is awaiting a response.