© 2021
In touch with the world ... at home on the High Plains
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Security Firm Says Extremely Creepy Mask Cracks iPhone X's Face ID

Apple's Philip Schiller unveiled the Face ID feature in September. Less than a week after the iPhone X was released, a Vietnamese security firm said it had cracked Face ID using a specially made mask.
Justin Sullivan
/
Getty Images
Apple's Philip Schiller unveiled the Face ID feature in September. Less than a week after the iPhone X was released, a Vietnamese security firm said it had cracked Face ID using a specially made mask.

Less than a week after the iPhone X release, a Vietnamese security firm says it has done what others couldn't — trick the phone's facial recognition software. How? One very creepy mask.

In a video released by the company Bkav, an employee unshrouds the mask, to which the phone apparently responds to by unlocking. "Face ID on this iPhone X is not as secure as Apple has announced," the employee says. The employee then unlocks the phone again with his own face.

On its website, Bkav says it made the mask with two- and three-dimensional printers, silicone and "hand-made" skin to "trick Apple's AI."

The whole thing cost about $150, the company says.

A feature of the iPhone X, Face IDuses facial recognition rather than a passcode or fingerprint to unlock the phone. It can also be used to confirm identity to make purchases and sign in to other apps.

Of course, a feature like that has attracted a few skeptics.

Wired made an array of deeply creepy masks, hiring a special effects makeup artist who spent 17 hours embedding thousands of eyebrow hairs with a needle — all of which failed to unlock the phone. The Wall Street Journal tried to fool it, and succeeded — but only by using 8-year-old identical triplets.

Apple would not comment on the video for this story. And NPR was not independently able to verify the claims.

When the iPhone X was unveiled in September, Apple marketing executive Philip Schiller said that Face ID's creators had developed a "neural engine" to process facial recognition that wouldn't "easily be spoofed by things like photographs," he said.

"They've even gone and worked with professional mask-makers and makeup artists in Hollywood to protect against these attempts to defeat Face ID. ... We require user attention to unlock. That means if your eyes are closed, you're looking away, it's not going to unlock," Schiller said at the time.

Schiller also put the odds of a random person being able to unlock your phone's Face ID at 1 in 1,000,000.

But Bkav, the security firm, said hacking Face ID wasn't as hard, pointing out that the software would recognize the owner's face even if half-covered.

"It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID's AI. We just need a half face to create the mask," the firm asserted.

Bkav calls its hack proof of concept, "the purpose of which is to prove a principle."

Marc Rogers, a researcher at the security firm Cloudflare, told Wired that if Bkav has indeed succeeded in hacking Face ID, the most surprising aspect would be the discovery that printed eyes could deceive it — no eye motion needed.

The magazine also notes that Bkav has a history of successfully breaking laptops' facial recognition tools with nothing more than 2-D images of a face.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Laurel Wamsley is a reporter for NPR's News Desk. She reports breaking news for NPR's digital coverage, newscasts, and news magazines, as well as occasional features. She was also the lead reporter for NPR's coverage of the 2019 Women's World Cup in France.