It seems that the Vietnamese security company Bkav Corporation has wanted to repeat the experiment a few weeks ago with some variations in its method. The company claims to have again tricked Face ID to unlock an iPhone X under more stringent conditions. Let's take a look at this new chapter, whose plot is different but the conclusion is the same as a few days ago.
Another nightmare mask under very special conditions
In the video above we can see the author of the same deception to Face ID a few weeks ago, starring in this second test. Again, we see a mask taken out of the worst nightmare hidden in the darkest corner of our subconscious. As they explain in the video, it is a mask made with stone dust on a 3D printer to which two 2D photos of the user's eyes have been pasted.
They have left behind the creation of a nose in silicone by an artist, as well as its later hand-painted, as well as the photographs that represented the mouth and lips in 2D. The mask brings color to the face, which is a step forward with that of the previous experiment.
After presenting the proof of concept, Bkav shows in the video how he deletes the Face ID profile of an iPhone X, enlists the user again and places the terminal in front of the mask. Face ID recognizes the user even with Attention Awareness activated, the function that forces the user to look directly at the iPhone to unlock it. No failures and no learning period, as we speculate in the first version.
What has not changed much are the amount of conditions and asterisks necessary for this deception to work. Specific:
A 3D object printer.
High-resolution, front-facing photos for the eyes, with the added bonus that they should look forward to an alleged iPhone X.
A camera capable of recording the subject in front and in 3D.
Have a room ready to capture 3D images if you do not have that camera.
Access to the user to be able to photograph it in 3D.
Physical access to iPhone X.
What the authors do not say is how many tests they have had to do to make it work or how long they need to have physical access to the iPhone X. Two key points for the realization of both this deception and its previous version.
Face ID remains a reliable security system.
The authors of this proof of concept claim that Face ID is not a secure system because it can be deceived by a mask that simulates being a twin of the user. It is a weakness that Apple has already confirmed in the past, where Face ID may not be as reliable between twins, close relatives or children under 13 years of age.
Especially if you train the recognition system to accept the face of other similar users. This can be achieved if we enter the password when Face ID does not initially recognize the familiar face. But this requires a deliberate effort on the part of the user or very specific cases, where Apple recommends using a code if it is a problem.
Researchers take advantage of a limiting case to apply a laborious method that requires many assumptions
As happened with the deception of Touch ID in 2013, circumventing Face ID requires a conjugation of resources, situations and circumstances that are so specific and difficult to achieve that they make it unfeasible. The average user does not have to worry about having a neighbor scan his or her face when entering the portal, buy a 3D printer to reproduce the face, steal the iPhone X and dispose of it before it is recovered or deactivated. remote All this without the user noticing.
There is no way to scale this system of deception to Face ID to replicate it in multiple devices quickly, which would be the really worrying thing. Neither is there a magic wand or a back door to Face ID that comes standard on all iPhone X. But that will not prevent them from appearing this type of evidence, which more than anything teach the practical limits of Face ID.
Throughout this discussion, we have ignored a fundamental element that differentiates Face ID from Touch ID: Apple can retouch and refine the neural network that allows you to recognize faces with an iOS update; that with Touch ID is not possible. It is expected that Face ID will be refined with the passage of time to gradually close some of these situations.