Face ID Reportedly Got Hacked
We actually posed this question more than a couple of weeks ago, and now in light of some recent and very relevant news, we might have to ask it again -- is Face ID safe? Of course, the news being referred to is that of a Vietnam based security software firm that reportedly was able to hack the facial recognition system, and even posted a video demo on YouTube last Friday.
What BKAV basically did was come up with a 3D printed mask (which is said to cost only $150), fully customized with a silicon nose, a couple of cut outs for the eyes, and a mouth on a 3D printed frame. Ngo Tuan Anh, the vice president of cybersecurity at BKAV, then did the honors of using the customized mask to unlock Face ID.
By now, it is safe to say that everybody must have already heard about Apple’s Face ID technology. Debuting on one of the tech giant’s flagship offerings this year, the iPhone X, the feature is a form of facial recognition system that iOS uses to verify an iPhone X owner’s identity. Face ID was supposed to be the next step in achieving safe and inconvenient identity authentication for mobile devices, but BKAV is showing that the technology still has plenty of room for improvement.
Facial recognition technology is nothing new, and early forms of the tech have not been totally reliable, at least as a security feature. More than a couple of months ago, there were ports that the facial scanning system of Samsung’s highly praised phablet, the Galaxy Note 8, could be fooled using a flat image.
Apple’s Face ID looked to be a significantly more promising take on facial scanning. For one, it uses a combination of infrared sensors and mapping dots to render a 3D image of the face being scanned, which meant that flat images would be useless in trying to fool the system. Apple also claims it had tested Face ID against prosthetic masks (even those used by prop makers working in movies) with success.
But as suggested by BKAV’s video, could Apple be too overconfident? To be fair, BKAV might have to answer some questions too regarding the exact methodology of its test, and if the results of its trials were to be taken seriously, they need to be repeatable (which is a scary thought, considering every hacker out there with evil intentions is praying for it to be repeatable). BKAV has said that it would provide more details about its test via a press conference this week, so we will see how it goes.