Tech companies of all shapes and sizes have been on the hunt for the “Holy Grail” of security features since before the rise of the internet. So far, a number of strategies have been developed, but none have proved to be successful. Hackers have found ways around each and every one to date.
Apple recently made another attempt when they released their new iPhone X, complete with a new “ultra-secure” Face ID security feature, which was touted during the new phone’s September launch event. During that event, Apple’s Senior VP of Worldwide Marketing, Phil Schiller, had this to say about the new feature:
“Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID.”
Unfortunately, the new feature has proved to be somewhat less “ultra-secure” than was originally advertised. Just one week after Apple’s announcement, the Vietnamese security firm Bkav was able to unlock the iPhone X using a mask.
It cost the company roughly $150 to create the mask, which was built using a combination of 2d images, a bit of makeup and a few 3D-printed components, with special attention paid to the areas around the eyes, cheeks and nose (which was printed on a 3D printer).
A spokesman for Bkav had this to say about their efforts:
“Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it. You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face. It means that the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought.”
All that to say, don’t put too much faith in the new “ultra-secure” Face ID feature. It’s far from the bullet-proof security feature the company touted it as being.