Technological advancement continues to bring out new challenges, as is the case with Apple’s new iPhone X which uses Face ID for authentication.
Upon the launch of the iPhone X, security experts, researchers, and those engaged in hacking began competing to see who will manage to compromise the feature in a bid to prove its ineffectiveness.
Among those who tried, the majority failed, whereas another party was successful.
In Hanoi, Vietnam, cybersecurity experts from Bkav corporations indeed proved that it is possible to compromise the so-called “secure” Face ID, proving to Apple and the world at large that the authentication procedure is not as effective as most people thought.
A YouTube video released by the security company demonstrates the tactic used to cheat Face ID – creating a 3D mask resembling that of the iPhone owner.
For about $150 USD, it is possible to acquire the items used, which include silicon and makeup for creating the costume and employing 3D printing to obtain the desired facial features.
However, the claim remains unsubstantiated as other security experts have yet to very if it is something possible. If it is correct, then Apple will be needing to look into their new technology with utmost precision to ensure that their customers do not fall victim to such methods.
As of now, ordinary iPhone users should not be very concerned about the issue; before one decides to hack their mobile device, a significant amount of time and effort are required.
The firm behind the allegations clearly state that as much as the concept is simple, it is very complicated to develop and is not something that an average person can do with ease. The level of sophistication and precision put into place while developing the mask was no easy task despite the appearance.
In the post by Bkav, Face ID involves three parts. The first part is taking a picture of the surface of the face. The second step is taking another image in the form of a mesh to obtain the 3D design of the owner’s face. And the third is using software to tell if the picture in front of the camera is real or not real.
When they were carrying out their experiment, the researchers used a scanner which scanned the image of the person and proceeded to use the output to produce a printed mask that bypassed the security of the Face ID authentication.
Of course, it is important to for the recognition system to determine the difference between real and virtual objects for the authentication process to be secure. In most cases, an algorithm takes into account the various facial features of a person, such as the spacing between different organs and their sizes.
However, before the release of the iPhone X, Apple claims to have worked with various parties who have experience in developing 3D masks to ensure that their system is protected from hacking attempts.
With this, it is ironic that a group of hackers from Vietnam have managed to compromise the authentication feature.
Bkav has called upon the manufactures of the iPhone to look into their creation to further secure it for the safety of their users. If they do not do such, then Apple will have developed something much worse than the Samsung Iris scanner, which is also fooled by masks but can tell the difference between twins, says the firm.
The notable part about this experiment is that it is a proof of concept, and they are not trying to exploit the vulnerability that has been identified. For this reason, Bkav is willing to share their findings with Apple to protect ordinary users.
If Apple approaches the company to verify if the allegations are true, then Bkav is likely to land a lucrative business deal with the tech giant. Of course, this will see them play a significant role in sealing the loophole so that users have secure gadgets.
Bkav further brags that they are among the leading security companies, and this the reason why they have succeeded in compromising the Secure Face ID – something that others, like Wired, failed to do so.
Apart from Bkav demonstrating that the facial recognition of smartphones can be compromised, they also managed to prove that the same can happen with the webcams on laptops from top manufacturers.
The good thing about the Hanoi based firm is that upon discovery of a particular vulnerability on any given system, they enlighten the general public as well as manufactures of the product.
What’s more, they are willing to share their findings with relevant parties to ensure that a solution is arrived at with immediate effect. Furthermore, they give recommendations to both customers and manufacturers of the given products.
As it is, some parties involved in research are still puzzled as to how a 3D mask for less than 200USD has been able to bypass the authentication procedure and yet others who tried using masks made at a higher cost failed.
As things stand, it is up to the manufactures to ensure that their products meet the security expectations of users.
Following revelations from security companies, they should not take the matter lightly, but rather dig deeper to find out if allegations are true or false. If they are found to be true, then further measures ought to be put in place to ensure that the matter does not get out of hand.
In the past, various companies have recalled their products for software updates to ensure that security is prioritized; the same should happen in the case of Apple and other products not only now, but in the future as well.