The Vietnamese team is at it again with a new Face ID hack using a US$200 ‘Evil Twin’ mask. In the previous hack (which wasn’t really a hack), the researchers made a 3D scan of a person’s head, then created a mask using latex. But the team didn’t show the Face ID enrollment process, or how long it took to unlock the iPhone X with the mask. With this latest proof-of-concept, they’ve answered these questions (via Forbes).
Face ID Hack Mask
In a video, the team shows version 2.0 of the hacking mask, which you can see below. The team named the mask the ‘artificial twin’ because it attempts to replicate what would happen if a person’s identical twin unlocked an iPhone X.
A spokesperson for the team said they chose not to tell Apple about their new techniques because the company didn’t respond to reports of the previous hack. Ngo Tuan Anh, Bkav’s vice president of cybersecurity, said:
“About two weeks ago, we recommended that only very important people such as national leaders, large corporation leaders, billionaires, etc., should be cautious when using Face ID… However, with this research result, we have to raise the severity level to every casual users: Face ID is not secure enough to be used in business transactions.”
The team used a 3D scanning booth to build the mask, taking photos of a person from different angles in two seconds, along with an infrared image of the person’s face. Then, using a 3D printer with stone powder as the material, they printed the twin mask of the face. Using the infrared image, they cut out the eyes in a way that tricks Face ID (in a manner not disclosed), then glued the eyes to the mask.
Just like the last test though, this isn’t something your average criminal is likely to do. It requires specialized tools and targets specific individuals. “…However, you can see from the way this experiment is done it is very tricky to position the device just so. That suggests that mask has to be used in very particular circumstances.”