Apple iPhone X Face ID Fooled by a Mask

Apple’s Face ID technology, the centerpiece biometric authentication mechanism for the iPhone X, has been cracked a little more than a week after it was introduced to the public.

Researchers from Vietnamese security company Bkav demonstrated that they could fool the technology to unlock the phone with a mask constructed with a 3D printer, some silicone, makeup and two-dimensional images—about $150 in materials.

The company said in a FAQ published on Saturday that its proof-of-concept demonstrates that Apple’s claims that the technology cannot be tricked to unlock devices isn’t as foolproof as they say.

“Apple has done this not so well,” the company said.

There may be some limitations to this attack, however. Apple said there are certain situations when the iPhone X will require a passcode, for example, in addition to Face ID authentication. According to Apple, those situations occur if:

  • The device has just been turned on or restarted.
  • The device hasn’t been unlocked for more than 48 hours.
  • The passcode hasn’t been used to unlock the device in the last six and a half days and Face ID hasn’t unlocked the device in the last 4 hours.
  • The device has received a remote lock command.
  • After five unsuccessful attempts to match a face.
  • After initiating power off/Emergency SOS by pressing and holding either the volume button and the side button simultaneously for 2 seconds.

“In order to compromise Face ID authentication, the attacker would have to have a detailed map of the face of the user, create a mask that would map the exact details of the victim’s face, unlock the phone within five attempts, and do all of this within 48 hours,” said Paul Norris, senior systems engineer at Tripwire in a statement sent to Threatpost. “This seems like an unlikely sequence of events.”

Bkav’s FAQ also lacks some key background information that’s bound to raise some eyebrows. The researchers are not precise about the specifics on construction of the mask (what 3D technologies were used?), nor what was enrolled on the device, nor how many attempts were made before a passcode was entered. There is a belief the AI could be trained to allow the mask to unlock the device if a valid passcode is entered after a failed attempt with the mask. A user has five attempts to authenticate before a passcode is required, and also a passcode is required every 156 hours regardless of how many times a device has been unlocked—all of which could affect the results achieved by the PoC.

Bkav explains that the attack tricks the artificial intelligence behind facial recognition technology, something they claim to understand and have been able to break since 2008 when they bypassed similar technology guarding Toshiba, Lenovo and Asus laptops. The older attacks used digital images of the user to access the machines, an attack demonstrated at the Black Hat DC conference.

The breakthrough, admittedly a proof of concept, comes just as the FBI may be ramping up another public campaign undermining encryption and secure messaging platforms. The FBI has confiscated a locked cellphone belonging to the alleged shooter in the Nov. 6 massacre at a Texas church that left 26 dead. The bureau admitted to not being able to unlock it, similar to the struggle it had with the San Bernardino terrorist’s phone last year, an incident that kicked off the Apple-FBI saga.

‘With Face ID’s being beaten by our mask, FBI, CIA, country leaders, leaders of major corporations, etc., are the ones that need to know about the issue, because their devices are worth illegal unlock attempts. Exploitation is difficult for normal users, but simple for professional ones,” Bkav researchers said. “Potential targets shall not be regular users, but billionaires, leaders of major corporations, nation leaders and agents like FBI need to understand the Face ID’s issue. Security units’ competitors, commercial rivals of corporations, and even nations might benefit from our PoC.”

Bkav also claims that its PoC will continue to work, despite the fact that Apple says Face ID continues to learn from each authentication attempt in order to improve the mathematical representation of the user’s face.

“It does not matter whether Apple Face ID ‘learns’ new images of the face, since it will not affect the truth that Apple Face ID is not an effective security measure,” they said.

A video demonstration of the attack, below, shows the phone unlocking an instant after a cloth is removed from the mask revealing the constructed face.

The researchers explain that the mask is a mix of 3D printing and hand-crafted construction; the nose on the mask was done to specifications by an artist, who used silicone to build it. The researchers had to tweak it afterward to beat the AI, they said, adding that the phone would unlock even by showing just half of the user’s face. The mask took six days to perfect and beat Face ID.

“You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face,” they said. “It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought.”