Before the iPhone X launched, Apple claimed the device’s Face ID system was very unlikely to be fooled. But according to Vietnamese cybersecurity firm Bkav, Apple’s technology was spoofed using a mask that cost only $150 to make.
Bkav claims their attempts began on November 5, so it only took the company about a week to bypass the iPhone X’s security. You can see Face ID being tricked in the video below. The company uses the mask to unlock the device, followed by a researcher’s face. It works without issue.
According to Bkav, the mask was created using a combination of 3D printing, makeup, and 2D images, along with a specially sculpted nose.
When Apple introduced the iPhone X in September, the company touted Face ID’s advanced security, saying it worked with professional mask makers and makeup artists in Hollywood to protect against attempts to spoof Face ID.
Here’s what Apple said in its White Paper about the technology:
Facial matching is performed within the secure enclave using neural networks trained specifically for that purpose. We developed the facial matching neural networks using over a billion images, including IR and depth images collected in studies conducted with the participants’ informed consents.
We tried unlocking the device using a mask but Apple’s system wasn’t spoofed. However, Bkav’s tests prove that with plenty of determination Face ID can be broken into. Apple has already admitted that Face ID isn’t perfect, conceding there’s a 1 in 1,000,000 chance it can be unlocked by a random person.
Bkav said their test is simply a proof of concept, so iPhone X owners shouldn’t be worried. In any case, you can see Bkav’s tests up above.