Face ID, arguably the new iPhone X’s most prominent feature, is facing a great deal of threat. Following mixed reviews from lots of iPhone X users, most of whom found it hard to trust and use, the feature has now become the target of hackers everywhere.
In recent weeks, various videos have been posted on social media as people are trying to sneak past the Face ID feature and access the iPhone X. Most haven’t been successful, which should be a relief to users.
Some are funny, like that of a young boy trying to access his mother’s phone using different facial expressions. Some are definitely not funny. They highlight the possibility of a major threat: that Face ID can be outmanoeuvred by smart tech. One such video is a recent one released by a Vietnamese research firm, professionally known as Bkav.
The firm claims that they managed to manipulate Face ID and show how they did it in the video. Their technique was one unseen in older videos: they used masks, a hand sculpted nose, normal 2D printing, a custom skin surface and a consumer-level 3D printer to trick the software into disarming the phone.
In the video, a half head-like figure (artificially put together to look like a head) with a visibly artificial nose looks straight into the iPhone X as it sheds a maroon beam of light onto its face. The head-like figure is wrapped all over with a white mask, leaving only the eyes, nose and mouth features exposed to the light.
But Apple isn’t alarmed. Face ID was seemingly designed with all these hacking possibilities in mind, which explains why Apple didn’t panic when the video surfaced. Apple clarifies that “Face ID matches against depth information, which isn’t found in print or 2D digital photographs. It’s designed to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks. Face ID is even attention aware. It recognizes if your eyes are open and looking toward the device. This makes it more difficult for someone to unlock your iPhone without your knowledge (such ad when you’re sleeping)
So, should you be worried?
Experts say no.
You probably don’t need to worry yourself about the endless negative possibilities such a development would trigger. At $150, the procedure Bkav used is quite expensive for the average hacker. It would necessitate the backing of a major corporation or wealthy individual to clone hundreds of millions of faces in order to access their phones using this method. Apple itself doesn’t see the video as a worrisome development; the company maintains that they proofed the software against any 2D or mask related hacks. In a statement, the company also highlighted the fact that Face ID used different technologies than other facial recognition technologies, and that they were sophisticated enough to thwart hacking attempts.
Some experts believe that the iPhone could have been trained on the mask before the recording was made. Other just doesn’t believe the possibility of this hack, or its ability to work in every situation.
Despite the contradiction, it’s still not hard to believe the video and its contents. The process they used to open the phone is quite clear to see, and Bkav is fairly known on the internet. It highlighted the weaknesses in the facial recognition systems of Lenovo, Asus, and Toshiba way back in 2009.
Bkav also claims that they followed the “strict rule of ‘absolutely no passcodes” when designing the mask. This, if true, rules out the possibility of them having used a passcode before being locked out.
Bkav’s hacking attempt comes right after various users and reviewers voiced their concern over Face ID’s working mechanism, which they feared would lock them out of their own devices on a whim or grant other people access on random days. The possibility of Bkav’s hack being used on their devices is sure to add an alarm to worry, and comes off as another weakness of the security software.
Bkav has already tried to confirm that its aim wasn’t entering peoples’ phones. In an online Q&A session hosted by the firm on its hack attempt, Bkav clarified its position on the hack, saying, in part, “Potential users shall not be regular users, but billionaires, leaders of major corporations, national leaders and agents like FBI need to understand the Face ID’s issue.
But is that assurance enough?