Company behind bypassing Face ID shows new technique in more extensive video
The Vietnamese security company Bkav, which earlier this month managed to circumvent Face ID with a mask, has published a more extensive video in which it again circumvents the security measure with a new mask.
The more extensive video shows the entire process of an attack, for example how a researcher first removes his face from Face ID and registers it again. In addition, you can see how long it takes to unlock the iPhone X with the mask. This happens almost immediately after the researcher holds the phone in front of the mask. It seems that the position of the mask plays an important role. The security company writes that in this case it has used a $200 3d-printed mask made of stone powder. This would be more likely to trick Face ID than the original mask.
Bkav further reports that it has pasted infrared photos of the researcher’s eyes onto the mask. The pictures needed to print the mask are taken within seconds in a room where cameras are set up. The company does not report to what extent this lends itself to an actual attack.
The company mentions the fact that Apple already said when presenting Face ID that the system is unsuitable if someone has an ‘evil twin’. In its security paper on Face ID, the company also writes that a passcode remains the basis of security in iOS. Face ID can be used, among other things, to make payments with Apple Pay.