After claiming to have bypassed the Apple iPhone X Face ID with a $150 mask, security firm Bkav is back again with a second 3D-printed mask that has bypassed iPhone X’s attention detection safeguard.
In the first video, the firm has demonstrated how a $150 3D face mask made from silicone nose, 2D images and a large ‘specially processed’ area was able to bypass Face ID feature. Though there were serious questions raised about the authenticity of the demo showed in the video, this time around the firm has run through the entire process without cuts.
In the new experiment, Bkav has used a new 3D face mask model that costs $200 and is made of made of stone powder, with glued 2D images of the eyes. Bkav says that stone powder has higher success rate in tricking the iPhone X Face ID than paper tape which was used in the previous test.
The eyes are printed infrared images which is the same technology that Face ID itself uses to detect the facial image. The video shows the owner enrolling new Face ID and account in real-time which later he unlock the iPhone X using his own face. Then he is seen gently positioning the iPhone X in front of the mask dubbed “artificial twin,” and succeeds in unlocking the iPhone X not once but twice.
Whats more impressive is that Bkav was able to bypass Face ID’s attention detection feature which is an optional safeguard feature that monitors user’s eyes to verify if they are looking at their phone before unlocking it. The security firm in a blog post once again clarifies that fingerprint-based biometric security systems are superior to facial recognition.
Ngo Tuan Anh, Bkav’s Vice President of Cyber Security, said:
About 2 weeks ago, we recommended that only very important people such as national leaders, large corporation leaders, billionaires, etc. should be cautious when using Face ID. However, with this research result, we have to raise the severity level to every casual users: Face ID is not secure enough to be used in business transactions.