Nov 28, 2017 | By Benedict

Vietnamese cybersecurity firm Bkav has once again beaten Apple’s Face ID iPhone security feature, this time using a 3D printed mask and printed infrared images of eyes. Because the hack was so easy, Bkav strongly recommends avoiding Face ID as a means of protecting sensitive data.

It’s only been a few weeks since we reported that Bkav, a Vietnamese cybersecurity company, had cracked the Face ID security system of Apple’s new iPhone X. To do so, it used a $150 3D printed mask complete with various synthetic facial features to trick the iPhone into “seeing” the phone’s real user.

While that project made the Face ID system look a bit silly, Bkav was cautious about exaggerating the impact of its discovery. The security firm suggested that only very high-profile iPhone X users—politicians, for example—should be wary of this kind of hacking threat, and that everyday users should not panic too much about 3D printed masks.

Now, however, Bkav has changed its tune. That’s because the company has performed another Face ID hack, this time beating Apple’s facial recognition feature in a much shorter timeframe than the 9-10 hours required for the initial hack.

Since the unlocking could be performed so easily this time, Bkav has raised its warning level, suggesting that even ordinary business users should avoid using Face ID as a legitimate security feature.

Funnily enough, this latest experiment was actually a direct response to Apple, which claimed upon the iPhone X’s launch that Face ID could probably only be hacked if you happened to have an “evil twin.” Bkav interpreted this claim as a challenge: could an evil twin be fabricated from scratch? If so, anybody’s iPhone X could be hacked.

The new 3D printed Face ID-fooling mask is made from a stone powder, with 2D infrared pictures of eyes taped over the top—infrared being the technology used by Face ID to detect faces. It sounds too simple to work, yet Bkav reports that an iPhone willingly unlocked itself even with the high-security “Require Attention for Face ID” setting enabled. (This feature means the “user” must look directly into the camera in order to unlock the phone.)

Additionally, Bkav noted that Face ID was unable to “learn” to correct its mistake, consistently allowing the “artificial twin” mask to unlock the phone during successive attempts.

So can the process be replicated by ill-intentioned hackers? Possibly, Bkav says. Although the mask requires a high-quality 3D image of the person whose phone is being hacked, the entire process (materials, 3D printing etc.) only costs around $200. Besides, Bkav says, a 3D image can be obtained secretly, by setting up multiple hidden cameras around a room and stitching together the collected 2D images.

Bkav concludes its latest experiment by advising all iPhone X users to rely on Touch ID and passcodes rather than Face ID, since collecting fingerprints it tougher than collecting images of a user’s face.

 

 

Posted in 3D Printing Application

 

 

Maybe you also like:


   






Leave a comment:

Your Name:

 


Subscribe us to

3ders.org Feeds 3ders.org twitter 3ders.org facebook   

About 3Ders.org

3Ders.org provides the latest news about 3D printing technology and 3D printers. We are now six years old and have around 1.5 million unique visitors per month.

News Archive