Earlier this month, a video from cybersecurity firm Bkav made the rounds for successfully being able to “trick” Face ID using a carefully constructed mask that mimicked a real person’s face. Now, Bkav shared a second video with a new mask and a clearer look at how the mask used to spoof Face ID.

The research firm explains that the new mask is made of stone powder with 2D infrared images of eyes taped over the mask. Thus, to Face ID, the mask mimics a real face with eyes, the cost to make the mask was $200.


First of all, the demonstrator sets up Face ID normally with his face and then shows that “Require Attention for Face ID” is enabled in Settings. This means that Face ID must be detect that the user is looking at the camera in order for the iPhone X to be unlocked.

Bkav claims the materials and tools used to create the mask are "casual for anyone" and that Face ID is "not secure enough to be used in business transactions.” You will need a high quality image of the person whose phone you’re trying to access, as well as access to a 3D printer, as we as various other materials, not to mention direct access to the person’s phone.

What Bkav believes Face ID is less secure than Touch ID because it's easier to capture photographs from afar than it is to obtain a fingerprint, but this is still a very complex replication process that the average user does not need to be concerned with. Just keep in mind that this is a first-gen technology.

Via MacRumors And 9to5Mac, Image Credit MR

Post a Comment

Powered by Blogger.