- #ICEBae is reportedly a Democrat–and she has some things to get off her chest Tuesday 8:45 PM
- Fans are stoked that Taika Waititi is back to direct ‘Thor 4’ Tuesday 7:22 PM
- Sacha Baron Cohen thanks ‘co-stars’ Dick Cheney, Sarah Palin for making Emmy nominations possible Tuesday 6:43 PM
- Roger Stone barred from posting on all social media platforms Tuesday 6:03 PM
- The FaceApp challenge shows you how gracefully you’ll age Tuesday 5:16 PM
- Kylie Jenner opens up about her mental health in candid Instagram post Tuesday 4:38 PM
- Fans speculate wildly about Naomi Watts’ ‘Game of Thrones’ prequel role after leaked set photo Tuesday 3:54 PM
- New Jersey congressman joins House Democrats ‘Squad’ because of an Onion article Tuesday 3:09 PM
- Twitter begins rolling out new desktop redesign, and users aren’t happy Tuesday 1:54 PM
- Man asks his girlfriend to ‘unlove’ her ex—and people do not agree with him Tuesday 1:37 PM
- Relive a forgotten gem with the TurboGrafx-16 Mini console Tuesday 1:09 PM
- Judge says Daily Stormer founder must pay $14 million for harassing Jewish realtor Tuesday 1:01 PM
- Graphic depiction of suicide cut from Netflix’s ’13 Reasons Why’ Tuesday 12:55 PM
- Streaming titles seize 2019 Emmy nominations Tuesday 12:19 PM
- ‘Frankenstein’s Monster’s Monster, Frankenstein’ tries to find humor in bad actors Tuesday 12:02 PM
Security researchers consider this a ‘critical vulnerability.’
Last month, security firm Bkav released a video supposedly demonstrating how it tricked the iPhone X’s Face ID authentication method using a mask made of plastic, silicon, and paper cutouts. The low-quality video had its share of skeptics who questioned its authenticity and feasibility.
The group took those criticisms to heart and has now released a second video that shows Face ID being set up in real time before it gets fooled by a rather crude-looking mask. Dubbed the “artificial twin,” this new mask is made of stone powder and printed infrared images. As you can see in the clip, the researcher removes his profile from Face ID, re-enrolls his face, then unlocks the phone by aiming its front-facing sensors at the mask. The iPhone X grants it access on the first attempt.
With its mask, Bkav is exploiting the same vulnerability in Face ID that Apple admitted to: It’s not very good at distinguishing between twins or people who look alike. That claim has been tested numerous times in the past month with mixed results. The iPhone X failed to tell twins apart in Mashable’s tests but didn’t have any problems when Business Insider tried a similar experiment. The most concerning Face ID fail yet was when a 10-year-old boy broke into his mom’s fancy new $1,000 device.
“With this new research result, anyone can be ‘cloned’ to make a ‘twin’ mask of himself/herself,” Bkav wrote in a blog post. “Thus, Bkav recommends Apple to give another recommendation similar to the twins’ one, which means that iPhone X users should use passcode in all cases of sensitive data or business transactions.”
If that wasn’t bad enough, Bkav claims its second edition mask is “very simple” to make and can be done without raising the iPhone X owner’s suspicions. All that’s needed is a room full of cameras. When an iPhone X user walks in, the cameras stealthily take pictures of their face at different angles and combine them into a single 3D model.
Of course, that’s not something that can realistically be accomplished by the average person. But there are concerns that organizations could use the hack to steal private information from politicians or celebrities. It’s no surprise then that Bkav prefers fingerprint authentication, which it claims is the “most secure biometric technology.”
If you value your privacy, consider going back to the trusty passcode—at least until Apple addresses these findings or issues an update.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.