Cyber Security Firm Uses a 3D Printed Mask to Fool iPhone X’s Facial Recognition Software

Anyone with an iPhone knows they have the choice to either set a numerical pass code or use their fingerprint embedded in the phone’s home button to unlock their phone, so strangers aren’t able to access their information. But when Apple introduced the highly-anticipated iPhone X, which has a bigger screen but no home button, in September, the company unveiled a new security measure – Face ID. It’s enabled by Apple’s TrueDepth camera, projecting and analyzing over 30,000 invisible dots to create a precise depth map of your face. Face ID is different from other electronic devices’ image recognition techniques due to this dot projection, which creates a 3D image by directing beams of infrared light at a person’s face; then, artificial intelligence essentially “learns” the face and keeps other faces from accessing the phone. The biometric software can unlock the phone, log in to a person’s apps, and even authorize payments, and after stress-testing the technology with Hollywood-level silicone masks, Apple claims that there is a one in a million chance of another person being able to beat Face ID. But could the company be wrong?

According to cyber security firm Bkav, Apple’s proclamation that its new facial recognition system can’t be fooled by impersonators, masks, or photos is not correct. A team of Bkav hackers and researchers say that they used a 3D printed mask, which only cost $150 to make, to fool the Face ID software in just a week.

“Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it,” Bkav wrote.

According to the company’s website, in 2008 Bkav discovered the first critical flaw in Google Chrome soon after it launched, making it the first company to discover just how vulnerable facial recognition can be when used as a log-in on laptops and other devices. Now, Bkav says that its 3D printed mask proves that Apple’s new Face ID is “not an effective security measure.”

“The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID,” said Ngo Tuan Anh, Bkav’s Vice President of Cyber Security.

3D printing technology and facial recognition have definitely been combined before, for reasons  such as challenging social media surveillance technologies, developing a smart mirror, helping people who are blind navigate facial cues in a social setting, and even giving someone a virtual makeover. However, more people are starting to use 3D printing to get past security measures, from 3D printed fingerprints and keys to cracking a safe, so using a 3D printed mask to fool facial recognition software definitely doesn’t seem out of the realm of possibility.

Bkav made a silicone nose and printed 2D images for the eyes to complete the 3D printed mask, which it says could be replicated by knowledgeable hackers with access to 3D scanners.

Bkav said, “Exploitation is difficult for normal users, but simple for professional ones.”

However, Bkav did concede that its 3D printed mask required a fairly detailed 3D facial scan, so it would be hard for a normal user to get past Face ID in this way.

“It is quite hard to make the ‘correct’ mask without certain knowledge of security. We were able to trick Apple’s AI, as mentioned in the writing, because we understood how their AI worked and how to bypass it,” Bkav wrote.

Bkav claims that its inexpensive technique could potentially be used to target important figures, such as chief executives and politicians. The company states that the best form of biometric security is a fingerprint, and Apple, which has not yet commented on Bkav’s 3D printed mask, says that its new Face ID software is not well-suited for twins or children under 13, so it appears that the security measure is definitely not foolproof.

What do you think about this story? Discuss this and other 3D printing topics at 3DPrintBoard.com or share your thoughts in the Facebook comments below. 

[Source: The Telegraph]