Hackers crack latest Apple security feature: Face ID

If you’ve ever owned an iPhone, then you’ll likely have unlocked it using your passcode. As the tech giant’s smartphones became more sophisticated, Apple introduced fingerprint recognition, allowing you to unlock your phone with just your fingerprints. Now, with the iPhone X, the company has finally ditched the home button from their designs, using an edge-to-edge screen, which means no more placing your finger over the scanner.

So, what does this mean for you when it comes to unlocking your phone? If you’ve opted for the cheaper – yet still pricey – iPhone 8 or iPhone 8Plus, then you’ll still be using fingerprints or passcodes. However, the iPhone X, pronounced ‘iPhone Ten’, is the first model to use Apple’s newest feature: Face ID.

How does Face ID work?

Face ID is literally just as it sounds; the iPhone X uses this recognition system to provide access to the phone after verifying your identity through your facial features. Just like with your fingerprints, it compares your real-life face against a stored representation of it, which you set up for the first time when you set up your phone. You’ll have done the same thing for your fingerprints on earlier models.

To set up Face ID, the phone has you twist and turn your head in different directions, which allows a combination of light sensors and projectors to work together with the camera, creating a detailed map of your face. This process uses infrared light, which is invisible to the naked eye, meaning it can work in conditions of very low light.

When you come to unlock your phone, your face is compared against the stored ‘image’, and a score of between 0 and 1 is computed by the device. A certain threshold must be met to pass the phone’s security measures, with a score closer to 1 meaning it’s a match, but a score closer to 0 meaning it’s the wrong person. The higher-risk the action, such as making a valuable purchase, and the higher the threshold will be set by the device.

How have hackers overcome this security feature?

On Friday 10th November, just a week after the iPhone X was released, a Vietnamese security firm known as Bkav claimed to have broken through the Face ID security process using a simple mask, 3D printed from plastic, with silicone and makeup. The mask used basic paper cut-outs to enhance the comparability between the mask and the person that it represented. At the time, the company did not provide any evidence of this hack being carried out and general concern amongst the industry was pretty low.

However, the hackers have returned with a new set of compelling evidence, including video proof of their ability to circumvent the feature, and they’ve created yet another mask to do so. Again, as well as claiming that they have broken through Face ID without the real user’s face being present, they’ve also recorded their proof to share with the world.

In addition to these targeted attempts at gaining access to the phone, there are some videos already floating around on YouTube, recorded by members of the public, which show family members gaining access to each other’s phones when they look similar enough in appearance. Indeed, Apple even admitted during the iPhone X launch that there is a chance family members could break through the security if the resemblance was strong.

What this means for you

As a casual iPhone user, you don’t really have much cause to be concerned at this point. The masks created by the Vietnamese security firm required around 5 minutes’ worth of complex facial scanning to reproduce, as well as high-quality materials, meticulous craftsmanship and, of course, access to the target’s phone for a prolonged period of time.

Unless you’re an undercover spy, world leader or highly-popular celebrity, then it seems highly unlikely that anybody would go to such extreme lengths to gain access to your phone. That said, should you not want to take part in the Face ID revolution, then you can easily switch it off in the iPhone settings and revert to using your fingerprints, or alternatively, a passcode.

Any questions?

If you’ve recently picked up the iPhone X and want any general feature guidance, or even help with switching on or off Face ID, then you can speak to Wise Guys on 0808 123 2820. We offer iPhone support and guidance for all models.