When Apple first announced Face ID for the iPhone X, it claimed the new feature was significantly more secure than Touch ID and couldn’t be fooled by even the most realistic of masks. But it turns out that might not be the case.
Vietnamese cyber security firm Bkav claims to have already tricked Face ID using a custom-made a mask – but don’t return your iPhone X just yet. Before you freak out, here’s what the news actually means for your smartphone security.
How Bkav Beat Face ID
According to Bkav, all you need to make a mask that can trick Face ID is a scan of the person’s face and about $200 worth of materials.
The second part is easy. The mask was made using some sculpted silicon, printer plastic, makeup and paper cutouts. Key areas, such as the eyes and mouth, were actually recreated with 2D photos pasted onto the 3D surface. The design was based on the discovery that Face ID only scans about half of your face and allegedly doesn’t require eye movements to work, making it surprisingly easy to fool.
The first part is a little more complicated, though. Bkav used a handheld scanner that took five minutes to work. So the only way to scans someone’s face is to be in the same room, with their participation (either by choice or forced).
Why You Shouldn’t Be Worried
The fact that someone would need to be in the same room with you means this Face ID hack isn’t much of a threat to most people. Bkav notes that world leaders and CEOs could be at risk from a targeted attack, but for the rest of us, it isn’t worth worrying about.
Down the line, it’s possible you could get the same results by quickly scanning someone’s face with a smartphone camera or even using photographs. But again, you don’t need to worry about that at the moment.
We also still don’t know how legitimate Bkav’s claims really are. The company may have purposefully done a poor job setting up Face ID so it was easier to trick, which would discredit the results. Bkav declined to answer a list of questions from Wired, but said it would reveal more at a press conference this week, so we should learn more soon.
Until then, there’s no reason to stop using Face ID, unless you simply find it annoying to use.