A couple of weeks ago we reported that Vietnamese cybersecurity firm Bkav fooled Face ID with a cheap mask, and now it’s repeated the trick even more convincingly.
Using a new mask apparently built for around $200 using materials such as stone powder and a 3D printer - which should be obtainable by most people - the researchers shot a video showing the iPhone X unlock for it.
But this time the firm also showed the person who the mask was based on enrolling in Face ID, so you can be sure that the mask wasn’t enrolled as the primary user.
The attention detection feature was also enabled, which is designed to ensure the user is looking at the phone before unlocking it.
It unlocked flawlessly twice in a row for the mask, which sounds worrying, and indeed Bkav (opens in new tab) reckons that based on this users shouldn’t use Face ID to secure sensitive data or in business transactions.
Fooling it still doesn't sound easy
But how much of a risk is it really? Bkav says that to make a 3D model of someone’s face would require secretly taking photos of them when they enter a room containing a pre-setup system of cameras located at different angles.
Then the photos would need to be processed by algorithms, and then you’d need to 3D print a mask. As well as, of course, actually gaining access to the user’s phone.
That sounds like way more work than a typical thief would bother with for a random target, so unless you have very sensitive information on your iPhone X we wouldn’t think you need to worry.
Via Apple Insider (opens in new tab)