Apple’s Face ID is supposed to be the most secure biometric security system ever put into a smartphone. The company claims a false-positive rate of just one in a million under normal circumstances. But if you add some nefarious security researchers with a lot of spare time into the mix, things get more complicated.
A Vietnamese security firm claims to have bypassed the iPhone X’s Face ID system using a silicone mask, a 3-D printed frame, and 2-D images of the eyes and mouth. It’s not a simple process, but it does mean that the iPhone X is technically defeatable.
The system starts with a 3-D printed frame that copies the underlying topography of the subject’s face. Face ID’s biggest innovation is the 3-D image scan of the user’s face that it relies on, which sets it apart from other facial recognition systems that just use a color 2-D image. To the 3-D frame, researchers added a silicone layer to resemble skin, areas of “special processing” along the forehead, and 2-D images of the subject’s eyes and mouth.
In a video, the security firm shows the mask unlocking the iPhone X on its own, as well as when placed on a person’s face.
In practice, the mask doesn’t present a threat to casual users. Any hack using the system would require a huge amount of research and preparation, which isn’t feasible for most criminals.
But for police forces executing a particularly valuable search warrant, for example, it could be possible to secretly scan a suspect’s face, make a mask, and then catch him unawares. Users can quickly disable Face ID by pressing the lock button five times in a row, but it would hypothetically be possible to steal someone’s phone and use the mask to unlock it before Face ID could be locked out.