Bkav, a Vietnamese Internet security firm that claimed to be able to trick the face recognition technology on iPhone X, has introduced a new, “easier and cheaper” way of bypassing Apple’s face recognition security than the meticulously crafted 3D mask used in their previous hack.
In a video posted on Monday, the Hanoi-based firm introduced what it called an ‘artificial twin’ mask, whereby a user creates his or her own ‘twin’ brother or sister with a 3D printer and an infrared camera and then uses the mask to fool Apple’s Face ID.
As seen in the demo, Ngo Tuan Anh, vice president of security at Bkav, reset the Face ID on his iPhone X and registered his face with the device again, before using the 3D mask to successfully unlock it.
The setup was intended to prove that the hack works without intensive training in the artificial intelligence behind the face recognition technology. In the previous hack, Bkav admitted that it took the company ten hours of trial-and-error to find the right angle to fool Face ID with their 3D-printed mask.
The most recent mask looks much different from the first one.
Anh said it was 3D-printed from photos taken of himself from different angles, using calcium carbonate (CaCO3) as the main material instead of paper tape. The eyes, the most important part of the mask, are printed from an infrared camera, the same technique Face ID uses.
As seen in the three-minute video, Anh had no difficulty unlocking his iPhone with the mask, which he called his ‘twin brother’.
He also claimed that the technique used the same approach as similar attempts by twins to successfully fool Apple’s biometric security system.
Bkav said it costs only US$200 to make a mask employing the company’s latest technique and requires easy-to-find materials.
It is also much easier to capture the number of photos needed to make the 3D mask. Bkav said potential hackers would only need to trick the person whose face they want to replicate into a room where secret cameras are installed at different angles.
|The previous mask used to fool Face ID. Photo: Bkav|
After the successful demo of its Face ID hack earlier this month, Bkav warned that there is proof that Face ID is ‘hackable’ and that state leaders, billionaires and heads of big businesses should think twice before choosing to secure their iPhone with Face ID.
However, given that even a low-cost 3D mask could fool the device, Anh said that Bkav “would increase our warnings on the technology to the highest level, meaning everyone should be aware that Face ID is not secure enough to be used in commercial transactions.”
Apple has not made any official comment.