iPhone X: Apple's Face ID deceived by a 3D printed mask

With the iPhone X, Apple has abandoned Touch ID to introduce a new biometric technology based on facial recognition. Face ID is one of the main innovations unveiled by the manufacturer this year.

For experts and researchers in security, to measure the protections deployed by the American giant is tempting. Hackers of the Vietnamese cybersecurity firm Bkav launched an attack on Face ID.

No 100% security :

They detail this time more the procedure followed for this hack by showing the enrollment process (registration of the face used as a reference to unlock Face ID), then the opening of the iPhone X via the mask called "artificial twin".

The name is not chosen at random and illustrates how an identical twin (or practically) could unlock an iPhone X. Apple had recognized during the presentation of its technology that members of the same family sufficiently similar could s identify on Face ID.

The manufacturer said, however, have worked with Hollywood studios to test several hacks based on masks. It is thanks to a mask that the experts of Bkav announce having been able to deceive Face ID.

Asked by Forbes, the company provides details on the method used. She used a 3D scanning booth to take original images. "For example, if you stand in the middle of the booth, she will take pictures of you from different angles in just two seconds and we will take an infrared image of your face."

A reproducible attack easily?

A 3D object is then designed with these photos, then printed on a 3D printer. Stone powder is used as a material to print a twin mask of the face. The eyes are not preserved, however, and are the subject of a specific approach.

But no question for hackers to describe the process. Removing the eyes from the mask is in any case part of the trick to deceive Face ID. 2D eyes are printed and pasted on the mask in 3D. And the operation works.

Is such an attack possible in the real world to access the terminal of a target? Bkav does not answer this question. A priori, to function, their technique, whose details have not been revealed, requires a precise scan of the face of the target. According to Forbes, the iPhone X must also be aligned at a precise angle with the mask for the attack to work.

A specialist in security and encryption interviewed by our colleagues also emphasizes that the efforts made by hackers to produce the mask remain a mystery, as the number of attempts needed to design the appropriate mask.

"As a threat, it proves that Face ID is not completely safe, and that everyone is worried about his daily life, I am less convinced," adds the expert. What is for now recalled is that no security is 100% reliable. And that is not a revolution.