The iPhone X’s Face ID Might Not be as Secured as Promised
When Apple first introduced the iPhone X and the Face ID this year, a lot of people pointed out concerns about the facial recognition system, specifically ways to spoof the security by using masks. Apple presented during the new iPhone’s reveal that the system works in the dark, when you grow facial hair, and can even tell if the user is wearing a mask. They were proud to say that the system is ALMOST fool-proof, except if the one attempting to open the phone is a relative, especially if that relative is a maternal twin. But Apple has assessed that the chances of that to ever happen is very, very low.
Fast-forward a few weeks later, reports are coming in that seem to prove that Apple’s first assessment on the matter is quite wrong.
Relative Faces
A video by the Wall Street Journal was uploaded on November 2 and features them putting the Face ID through a series of tests using pictures, masks, and twins. For the first two tests, the iPhone X worked splendidly, ignoring all the attempts to dupe the phone.
During the twins’ test, however, three kids who are maternal triplets were able to open the phone. The twin tests come in two parts: one is tested by a duo that is fraternal twins and the other is tested by a trio of maternal triplet kids. The triplets tested the phone first and they succeeded because they look closely alike. The test done by the fraternal twins, however, didn’t work.
Then a report came 12 days later of a child who was able to unlock his mom’s phone via the Face ID. In Attaullah Malik’s video, the mother, Sana Sherwani, demonstrates how her son was able to unlock the phone. Malik also wrote in his Linkedin that the son was able to open his phone, but just once. The couple claimed that they found this fact funny at first, but not afterwards due to concerns that their son might find something in their phones that they don’t want him to find.
WIRED got into contact with the family and asked what would happen if Sherwani reprogrammed the phone’s facial recognition again. She did so and they found that Ammar couldn’t open the phone anymore. They have Sherwani do a few more test and found that poorer lighting conditions can contribute to how likely Ammar can open the phone. WIRED also pointed out in their article that two group of brothers were able to fool the iPhone X’s Face ID system as well.
Hacked With A Mask
Then on the other side of the globe, a team of Vietnamese from a security company was able to demonstrate that the Face ID is unlockable using a 3D printed mask. BKAV’s vice president for cybersecurity, Ngo Tuan Anh, uploaded a video with a demonstration of how they were able to use a 3D printed mask to unlock the Face ID. First, they showed that the phone would switch to password input when they swiped up and it couldn’t detect a face to scan. Then they uncovered the mask and tried to scan it again. This time it opened.
But a closer look at the video reveals that the phone was swiped up and unlocked before the unlock animation happened. This cast a lot of doubt on the video and some even claimed in the comment that the phone was not an iPhone X. It doesn’t help that the company never did quite answer the questions people wanted to ask on their blog post and even used “because we are the leading security firm” as an actual serious answer. For example, they didn’t explain how Apple’s AI worked, which they claim to understand, and claimed that the Face ID isn’t really strict: you can use just half your face to open the phone.
Conclusion
Whatever the Vietnamese did the experiment still cast a shadow over Apple’s technology. If Apple doesn’t address the issues and report quickly there will be a lot of hate that will be thrown their way, probably enough to hurt the company. If the BKAV experiment was actually legit then hackers will have to find a way to be able to replicate their victims’ heads, with the face and its exact measurements. The good news is that such a task is troublesome and unless this is done by people with money, power, and a good reason no one would be willing to go to huge lengths just to unlock your phone.