LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
NEWSCAST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

Security Firm Says Extremely Creepy Mask Cracks iPhone X's Face ID

Apple's Philip Schiller unveiled the Face ID feature in September. Less than a week after the iPhone X was released, a Vietnamese security firm said it had cracked Face ID using a specially made mask.

Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn't — trick the phone's facial recognition software. How? One very creepy mask.

In a video released by the company Bkav, an employee unshrouds the mask, to which the phone apparently responds to by unlocking. "Face ID on this iPhone X is not as secure as Apple has announced," the employee says. The employee then unlocks the phone again with his own face.

On its website, Bkav says it made the mask with two- and three-dimensional printers, silicone and "hand-made" skin to "trick Apple's AI."

The whole thing cost about $150, the company says.

A feature of the iPhone X, Face ID uses facial recognition rather than a passcode or fingerprint to unlock the phone. It can also be used to confirm identity to make purchases and sign in to other apps.

Of course, a feature like that has attracted a few skeptics.

Wired made an array of deeply creepy masks, hiring a special effects makeup artist who spent 17 hours embedding thousands of eyebrow hairs with a needle — all of which failed to unlock the phone. The Wall Street Journal tried to fool it, and succeeded — but only by using 8-year-old identical triplets.

Apple would not comment on the video for this story. And NPR was not independently able to verify the claims.

When the iPhone X was unveiled in September, Apple marketing executive Philip Schiller said that Face ID's creators had developed a "neural engine" to process facial recognition that wouldn't "easily be spoofed by things like photographs," he said.

"They've even gone and worked with professional mask-makers and makeup artists in Hollywood to protect against these attempts to defeat Face ID. ... We require user attention to unlock. That means if your eyes are closed, you're looking away, it's not going to unlock," Schiller said at the time.

Schiller also put the odds of a random person being able to unlock your phone's Face ID at 1 in 1,000,000.

But Bkav, the security firm, said hacking Face ID wasn't as hard, pointing out that the software would recognize the owner's face even if half-covered.

"It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID's AI. We just need a half face to create the mask," the firm asserted.

Bkav calls its hack proof of concept, "the purpose of which is to prove a principle."

Marc Rogers, a researcher at the security firm Cloudflare, told Wired that if Bkav has indeed succeeded in hacking Face ID, the most surprising aspect would be the discovery that printed eyes could deceive it — no eye motion needed.

The magazine also notes that Bkav has a history of successfully breaking laptops' facial recognition tools with nothing more than 2-D images of a face.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
96.1 FM K241AR Lawrence (KPR2)
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)
contact@kansaspublicradio.org