NEWS
Apple Face ID 'Fooled' By $150 Mask -- But Big Questions Remain
2918
2020-06-19
Posted by 3uTools

Apple Face ID 'Fooled' By $150 Mask -- But Big Questions Remain


Researchers in Vietnam claim to have bypassed Apple's Face ID facial recognition technology with a mask that cost less than $150 to make, but many questions remain about just how they achieved their hack. Indeed, there are a number of gaps in the Vietnamese hackers' disclosure that leave room for doubt about the applicability of their attack in the real world.


On the face of it, the attack appears legitimate, a creepy-looking mask unlocking an iPhone X, released just over a week ago. The researchers, from cybersecurity company Bkav, created their mask by 3D printing a mould and attaching some 2D images of the enrolled user's face. They then added some "some special processing on the cheeks and around the face, where there are large skin areas, to fool  AI of Face ID."


In an FAQ on the Bkav website, the firm gave some detail on how the mask was created. "We had an artist make it by silicone first. Then, when we found that the nose did not perfectly meet our demand, we fixed it on our own, then the hack worked. That's why there's a part on the nose's left side that is of a different color (photo attached). So, it's easy to make the mask and beat Face ID." The company noted that alongside a 3D printer for the mask's mould, both the nose and the skin were handmade.


"We just need a half face to create the mask. It was even simpler than we ourselves had thought."


More details needed

Despite all that, there are some gaps in the research. Crucially, the proof-of-concept video leaves out the enrolment process for the true face. They may, for instance, have enrolled the mask itself. Or they may have added features from the mask to the face, such as glasses or a piece of the plaster, which could've duped the technology.


There's another possible trick: after a rejection of the mask, they could've entered the passcode, which would then train the phone to accept the mask. But the researchers said they applied a strict rule of "absolutely no passcode."


There was a note of caution from the researchers too, inviting further questions: "Here, I want to repeat that our experiment is a kind of proof of concept, the purpose of which is to prove a principle, other issues will be researched later."


The researchers do have history in breaking biometric systems, however. In 2008, they were able to show how to bypass facial recognition technologies on a range of laptops, from the likes of Toshiba, Lenovo and Asus.


Bkav hadn't responded to questions seeking clarity on the hack at the time of publication. But those details could be filled out later this week, as the researchers promised to provide more information. 


"It's difficult to say if there is some trickery here," said professor Alan Woodward, from the University of Surrey's department of computing. "Nothing in what they say suggests there is, and I must confess that I'd be cautious about FaceID as the sole means of authentication. I think biometrics is still a technology yet to prove itself.


"It reinforces in my mind the need to two-factor authentication. The convenience of Face ID is very attractive but if it is flawed, then once it becomes wholly useless as you have only one face: unlike passwords you can’t change it."


For now, iPhone X owners needn't panic about imminent attacks just yet. For starters, a malicious hacker would need to do a full scan of a target's face. Furthermore, they'd need physical access to the device. Face ID isn't perfect, but it's yet to be definitively proven broken as a security technology.


Source: Forbes

Related Articles
Unlock iCloud and Recover Deleted Data - "UFED" From Israel Hackers iPhone SE 2 Again Rumored to Launch in First Half of 2018 Hackers Claim to Break Face ID a Week After iPhone X Release Korean Report Claims Apple Will Drop the iPhone X Notch in 2019 iPhones Jailbreak for All iOS 13.5 Devices Coming Soon, Hackers Say Google Removes Passcode/Touch ID/Face ID lock from Drive, Docs, Sheets & Slides iPhone X Face ID Again Unlocked With Mask, Even With 'Require Attention' Turned On Disgruntled Hacker Leaks Snapchat’s iOS Source Code on GitHub