Apple said the Face ID facial recognition system available on the iPhone X is substantially more secure than the Touch ID fingerprint scanner, claiming the likelihood of someone unlocking your phone with the face is 1:1,000,000, up from 1:50,000 on previous iPhones.
But this doesn’t necessarily mean Face ID is hacker-proof, and Vietnamese security firm Bkav has managed to prove this with the help of a specially crafted mask used to replicate the face of an iPhone X owner who previously configured facial recognition to lock the device.
The facial mask uses a mix of a 3D-printed frame, 2D images, a silicon nose, and plenty of makeup to create a weird-looking face that apparently tricks iPhone X’s Face ID into believing it’s actually the owner of the device trying to get access to the home screen.
The security firm turned to what has been described as special processing, which is actually subtle tweaks given to certain face parts, in order to bypass facial recognition, and as you can see in the video below, the whole project proved successful.
It goes without saying that this is an expensive mask that requires plenty of know-how, resources, and time, but there’s one big issue that this experiment brings to life: if a security firm managed to bypass facial recognition, it means others could do it too, and the first name that comes to mind is the FBI.
The agency has often criticized Apple for not helping law enforcement hack into iPhones and access data stored on devices, and more recently, FBI investigators struggled with the phone owned by the Texas church shooter which was using Touch ID to block unauthorized access.
With such a mask, which the FBI obviously has the resources to build, the agency can break into iPhones without Apple’s help, and with more phone manufacturers looking into facial recognition, it raises questions as to how secure users’ data would be in the future.
On the good side, in order to hack Face ID, the FBI and whoever tries to do it need super-high-quality details of the owner’s face, which could prove tricky, but not impossible for a government agency to obtain.