A cybersecurity firm has successfully โtrickedโ Face ID by creating a specially made mask that imitates a personโs real face. However, the researchers say they unlocked the iPhone X with a real face so that the phone could not learn any false data from the mask.
The mask cost only $150 to make but it required access to a detailed scan of the personโs facial features and many hours of work by artists. Most of it was made by a 3D printer while other elements such as the skin and nose were hand-made. Only the eyes, nose and mouth are actually painted in because the researchers found that large portions of the face did not have to accurately depict a face in order for Face ID to unlock.
Apple has said that Face ID has defences against such biometric attacks but this does not guarantee infallibility:
An additional neural network thatโs trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks.
This does show that a targeted attack on specific, important individuals is possible so such people should avoid using Face ID. For everyone else, Face ID is more than secure as itโs far too time-consuming to create a mask of this quality just to break into one personโs phone.
Itโs also worth noting that this mask will have been created with the cooperation of the person it is mimicking, which would not be the case for an attack on a celebrity, for example. Apple can also use findings from this research to make an even more secure algorithm for Face ID to be released in future software updates.
