- Was Bloomberg owned harder on the debate stage or by Twitter? 2 Years Ago
- Make ‘Animal Crossing: New Horizons’ your desert island game 2 Years Ago
- Everyone’s trying to dance like Jennifer Lopez on TikTok Today 8:27 AM
- Why the coronavirus bioweapon theory persists Today 7:57 AM
- You won’t see deleted scenes on the ‘Rise of Skywalker’ home release Today 7:47 AM
- The return of ‘Star Wars: The Clone Wars’ throws you right back into the fight Today 7:00 AM
- Am I overreacting to a Facebook message from a dating app match? Today 6:00 AM
- Buttigieg, Klobuchar come together to laugh at Bloomberg Wednesday 10:29 PM
- Bernie Sanders calls Bloomberg’s wealth ‘grotesque’ to his face Wednesday 9:53 PM
- Angry Bloomberg asks debate moderators if he’s ‘chicken liver’ Wednesday 9:29 PM
- Elizabeth Warren savages everyone else’s healthcare plan Wednesday 9:07 PM
- K-Pop stans help push ‘Pooping for Kaitlin’ hashtag mocking Kent State gun girl Wednesday 8:54 PM
- Fans speculate after learning Pop Smoke posted address prior to fatal home invasion Wednesday 8:11 PM
- Jar of human tongues found in Florida has people shook Wednesday 6:39 PM
- Video of Blueface teaching Obama lookalike to dance is turning heads Wednesday 5:58 PM
Last month, security firm Bkav released a video supposedly demonstrating how it tricked the iPhone X’s Face ID authentication method using a mask made of plastic, silicon, and paper cutouts. The low-quality video had its share of skeptics who questioned its authenticity and feasibility.
The group took those criticisms to heart and has now released a second video that shows Face ID being set up in real time before it gets fooled by a rather crude-looking mask. Dubbed the “artificial twin,” this new mask is made of stone powder and printed infrared images. As you can see in the clip, the researcher removes his profile from Face ID, re-enrolls his face, then unlocks the phone by aiming its front-facing sensors at the mask. The iPhone X grants it access on the first attempt.
With its mask, Bkav is exploiting the same vulnerability in Face ID that Apple admitted to: It’s not very good at distinguishing between twins or people who look alike. That claim has been tested numerous times in the past month with mixed results. The iPhone X failed to tell twins apart in Mashable’s tests but didn’t have any problems when Business Insider tried a similar experiment. The most concerning Face ID fail yet was when a 10-year-old boy broke into his mom’s fancy new $1,000 device.
“With this new research result, anyone can be ‘cloned’ to make a ‘twin’ mask of himself/herself,” Bkav wrote in a blog post. “Thus, Bkav recommends Apple to give another recommendation similar to the twins’ one, which means that iPhone X users should use passcode in all cases of sensitive data or business transactions.”
If that wasn’t bad enough, Bkav claims its second edition mask is “very simple” to make and can be done without raising the iPhone X owner’s suspicions. All that’s needed is a room full of cameras. When an iPhone X user walks in, the cameras stealthily take pictures of their face at different angles and combine them into a single 3D model.
Of course, that’s not something that can realistically be accomplished by the average person. But there are concerns that organizations could use the hack to steal private information from politicians or celebrities. It’s no surprise then that Bkav prefers fingerprint authentication, which it claims is the “most secure biometric technology.”
If you value your privacy, consider going back to the trusty passcode—at least until Apple addresses these findings or issues an update.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.