Security & Fraud

Apple’s Face ID Hacked By Vietnamese Researchers

Vietnamese hackers who previously said they could bypass Apple’s Face ID biometric phone security with a mask claim to have hacked the iPhone X again, this time with more evidence of their success.

According to news from Forbes, Vietnamese cybersecurity company Bkav posted a video that shows how a researcher was able to reset the facial recognition enrollment, enroll his own face and then unlock the iPhone X seconds later. The researcher used a mask made of a 3D printed visage and 2D printed eyes — which cost less than $150. The researchers called their mask the artificial twin, since it was similar to the mask it used when it first hacked Face ID.

“About two weeks ago, we recommended that only very important people, such as national leaders, large corporation leaders, billionaires, etc., should be cautious when using Face ID,” said Bkav VP of Cybersecurity Ngo Tuan Anh in the report. “However, with this research result, we have to raise the severity level to every casual [user]: Face ID is not secure enough to be used in business transactions.”

A spokesperson for Bkav told Forbes it has decided not to alert Apple to the new way it was able to fool Face ID, since the company hasn’t responded to media reports about the security of the facial recognition biometrics technology on the iPhone X following the initial hack.

While Bkav was able to use a mask to unlock a user’s iPhone X, the cybersecurity firm didn’t address if a mask-based attack could happen in the real world. After all, the bad guys would need an accurate scan of the target’s face and then would have to spend the time and effort to create the mask. They would also have to make sure the mask is aligned with the phone at a specific angle in order for the hack to work.

“What the experiment does show is that a static mask can fool the Apple technology that is supposed to ensure that only a living face is recognized. Once that is possible, it then becomes theoretically possible to produce a static mask to open the device,” security and encryption expert Professor Alan Woodward from the University of Surrey in the U.K said in the report.



The PYMNTS Cross-Border Merchant Friction Index analyzes the key friction points experienced by consumers browsing, shopping and paying for purchases on international eCommerce sites. PYMNTS examined the checkout processes of 266 B2B and B2C eCommerce sites across 12 industries and operating from locations across Europe and the United States to provide a comprehensive overview of their checkout offerings.