Only 10 days after the release of the iPhone X, a cybersecurity firm has hacked Apple's Face ID using nothing more than a $150 face mask.
On Friday, the firm posted a video on its official blog showing that it had found a way to hack Face ID using a composite mask of 3D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.
The firm further said that the experiment proves that even half of a face is enough to bypass Face ID: Face ID recognises half the face and unlocks the phone.
In the video the company released, a staff member pulls a cloth off a face mask placed in front of the iPhone X, and the phone instantly unlocks. The mask had a sculpted silicone nose, with two-dimensional eyes and lips printed on paper, all mounted on a 3D-printed plastic frame.
Given the time and effort required to recreate someone's face, the average iPhone user might not be at great risk. However, hackers can target high-profile users such as billionaires, leaders of major corporations, national leaders, and agents of organisations like the FBI. After all, once a face is out in the open, it won't be too difficult to grab.
Comments by Ankush Johar, Director & Partner at Infosec Ventures, a venture fund investing in Cyber Security Innovations.
“No matter how convenient, FaceID always had a potent risk. Passwords are completely private and, if needed, can be protected with precautions. Your fingerprints, on the other hand, have the potential to be picked up from anywhere, as you can’t always wear gloves. With FaceID, your sole authentication medium is always out in the open, up for grabs. If your phone can use an infrared scan to trace every inch of your face, then so can any other hardware, and this event simply affirms the theory, making your data a few bucks away for any malicious hacker.”
“FaceID users are simply suggested to use the conventional passcodes, as they are your safest bet in the absence of TouchID. Apple, on the other hand, while fixing this issue, can parallelly host a bug hunting program for the FaceID particularly. Extra bonus bounty offers might help Apple to grab the attention of security researchers all across the globe before someone starts selling more bugs in the underground community.”