After proving in 2008 that facial recognition was not an effective security measure for laptops, a Ha Noi software security firm has shown that Apple’s claims of it being a robust method of securing your new $1,000 iPhone X is not exactly accurate.
In the video above Bkav vice president of cyber security, Ngo Tuan Anh, first unlocks an iPhone X without a face in front of it. Without a face iPhone X prompts for a passcode. The Phone unlocks.
Mr Ngo then tries to unlock the iPhone X again, but this time with a mask in front. The device unlocks smoothly and rapidly. Finally, to prove that the facial recognition software on the iPhone X is working correctly he unlocks the phone using his face.
At the iPhone X launch in September Apple’s senior vice president of worldwide marketing, Phil Schiller, described the Facial recognition feature, Face ID, as “incredible”, noting that Apple engineering teams had “worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID”. Those attempts appear to be not good enough, or in internet parlance, a #fail.
According to details posted on Bkav’s website: The mask is crafted by combining 3D printing with makeup and 2D images. According to Mr Ngo, some special processing is needed on the cheeks and around the face, where there are large skin areas, to fool Face IDs artificial intelligence (AI).
In a potted question and answer, Bkav says it is irrelevant if Apple’s Face ID “learns” new images of the face with use. ‘It will not affect the truth that Apple Face ID is not an effective security measure.’
The firm says it was able to trick Apple’s Face ID AI by understanding how it worked. ‘Many people in the world have tried different kinds of masks, but all failed’, the posting states.
Describing the demonstration as a ‘proof of concept’, the mask used to bypass potentially millions of dollars in research and development by some of the most brilliant minds in Cupertino cost just $150 to make, and was constructed in just than ten days after Bkav obtained an iPhone X.
Claiming that Apple has not implemented facial recognition well, Bkav says fooling Apple’s flagship security feature ‘went much more easily’ than people might expect.
Describing how all that was needed was half a face image to make the mask, the company says people can try it out for themself. The iPhone X will still recognise you even when half of your face is covered, the company says. As for biometric security? Bkav says forget facial recognition, ‘fingerprint is still the best’
Feature video Bkav Corp