Cybersecurity firm tricks Apple’s Face ID with painstakingly built 3D mask

“A cybersecurity firm have apparently successfully tricked Face ID into unlocking with a specially made mask, imitating a real person’s face,” Benjamin Mayo reports for 9to5Mac. “The security researchers say they only unlocked the iPhone X with a real person’s face, so the iPhone could not learn false data from the mask.”

“How much of a security flaw this really represents is up for debate of course,” Mayo reports. “Making the mask only cost $150 in materials, but required access to a detailed scan of the person’s facial features and many hours of work by artists.”

“The practical value of this disclosure is arguable. Face ID being fooled by a photograph is one thing, being fooled by an accurate mask is quite a high barrier,” Mayo reports. “However, it does show that a targeted attack on specific important individuals could be possible. The researchers suggest that Face ID’s weaknesses mean it should not be used by CEOs or presidents, for instance.”

Read more in the full article here.

MacDailyNews Take: We’re not worried about this in the least. If anything, it shows how difficult it is to trick Face ID.

Those squawking about this (for the 15 minutes this particular Apple FUD “controversy” lasts) are the same fools who’ve already uploaded their lives to Google and Facebook while mailing other firms their DNA.

And, of course, Apple’s Face ID will only get smarter and tougher to deceive over time.

Plus, once everyone finally gets chipped, security systems will know if what they’re looking at is alive or not. 😉


  1. “are the same fools who’ve already uploaded their lives to Google and Facebook while mailing other firms their DNA.”

    Very true. This isn’t worrisome over us normal schmucks. Someone with a close enough line to the President however…. Protect Botty at all cost!

    “Plus, once everyone finally gets chipped, security systems will know if what they’re looking at is alive or not.”

    Couldn’t tell you when I’ll get hung, but I think I know “who swings first”!

    1. I watched the included video at least ten times and there things wrong with what Bkav is doing.
      First of all, their VP of Cyber Security is swiping up immediately as soon as the enter passcode screen appears when the iPhone X comes on . . . but THAT IS NOT WHAT HAPPENS when an iPhone X comes on.

      The passcode screen appears only when you want to enter the passcode if you are not going to open it without FaceID by swiping up and then waiting from the normal lock screen after it does not recognize your face. It does NOT appear just when you start the iPhone X. It will only appear when there is a problem with FaceID or you have not trained the iPhone X for FaceID.

      Secondly, I noted is Bkav stated they were going to have a FaceID mask WITHOUT a passcode. SAY WHAT? That is not possible. Apple has programed the iPhone X to not allow a FaceID without a passcode as a safety fall back.

      Thirdly, I watched the lock at the top of the screen. . . and it NEVER, EVER ANIMATED the UNLOCK motion of a padlock unlocking. He just quickly swiped up and the ten key unlock screen disappeared to reveal the home screen as if he had actually unlocked the screen. On my iPhone X, if I attempt to swipe up before that padlock unlocks, it is not unlocked. And my lock screen bounces back down. His motion is TOO QUICK to see what is actually happening.

      Fourthly, the FAQ above about “covering half your face and it still works” is completely bogus”. I just sat here and covered various halves of my face and the lock shook “NO” each time and refused to unlock with each half covered, no matter what half I had covered. So, they lied.

      As Judge Judy says, you lie in one part of your testimony, all must be suspect.

      Fifthly, the claim that a working 3D mask could be made from a photograph is entirely bogus. No mere artist working from a photo can ever construct a truly accurate 3D image of the real person the photo imaged. It is just not possible. There are just too many variables. Yet, Bkav tosses this off as something easy.

      Sixth, the masks that Apple created to do their testing were far more sophisticated than Bkav’s mask. These professional mask makers made masks that are indistinguishable from their models, down to the micrometer and they failed to unlock FaceID. Bkav making their mask’s nose out of silicone by hand, especially ad hoc, means NOTHING dispositive because the infrared light is not going to treat it differently than it would a real nose, makeup, or any other surface. This is just bogus magician’s patter, misdirection, by use of techy terms, just as is the claim of “using an artist to make the skin surface,” to sound like it was really important to make a mask that was “so complex” to “fool the AI.”

      Seventhly, say that again: “Fool the AI”? The “AI” is a fast calculating Neural Engine that can do 600 billion calculations per second to adjust for every possible angle the face may be looking at the sensor and comparing to the reference face data.

      Eighthly, one of the things FaceID is looking for is an actual look from the user’s eyes toward the sensor. . . something a MASK, especially one mounted as this one is, with fake eyes, cannot do.

      Ninthly, the amount of time it would take to make such a mask to target any individual iPhone X user is most longer than the maximum 48 hours FaceID would likely be available to unlock the device on a trial and error testing that such a mask obviously holds. . . during which time it could be disabled in minutes by FindMyiPhone if stolen or lost. Any of the targets they list were arrested, kidnapped, or compromised, etc., they’d be smart to have someone trusted left, say their attorneys, with instructions to brick their iOS devices they have with them. So much for this as a security issue.

      Finally, this is a company that is NOT a security firm. They are a company that SELLS a competing ANDROID PHONE. . . one that uses a fingerprint sensor for security, these claims are really suspect. . . and they are attempting to push their phone’s security as being much more secure than Apple FaceID.

      From all of the above, I think that it appears that what they are doing here is bringing up a static screen shot of the passcode entry screen and merely swiping up to reveal the home screen. The timing is right, the speed is right, and the motive is there.

      This is the typical approach of a marketing ploy of a company with something to sell smearing the more secure competitor claiming they’ve found a way around their competitor’s security. . . by spreading Fear, Uncertainty, and Doubt.

  2. This is the same as the guy who fabricated fingerprints using 3D printers and several days in time. Totally impractical. By the time you finish your mimic the phone will require a code.

    This guy doesn’t even state if Alert to Unlock is enabled. Looks like it might not be. Which makes this not a very good trick.

    1. No Paul, that hack was done within a couple hours max after the source fingerprint was stolen. It’s an entirely viable security hack.

      This mask hack is, by contrast, extremely difficult and might require kidnapping the victim in order to get an adequate face scan, so what’s the point. There are several very good Face ID test videos up on the net that make it clear that Apple’s camera sensor system is no pushover.

      1. Derek, I think the FaceID hack is a Hoax.

        The so called 3D printed frame looks more like a fiberglass or plaster tape mould than anything 3D printed (it lacks any artifacting that can normally be seen on 3D printing and actually shows the criss-cross tape patterns. There are even raggedy threads in several areas hanging from where it was cut to allow the eyes and mouth to be inserted. The Right Eye (viewer’s left) mould appears to have been crumpled before it was inserted and has creases across it which certainly do not exist on the user’s real eye. No 3D infrared sensor would fail to sense the obvious pleats where the tapes overlap on the “frame’s nose bridge” and in the right eye.

        Bkav talks about having an “artist” make the skin texture and no explanation as to why an “artist” could do anything that would improve on a machine’s accuracy on skin texture, but enlarging the image finds no such skin texture anywhere on the areas they refer to, which is rough and essentially raw. . . nor is there anything appearing to be “special processing” to the brow above the bridge of the nose.

        There is NO WAY this mask could fool enough of the 30,000 infra red dots sufficiently to be accepted as the same as a full face to unlock the iPhone X.

    2. No, it is not. The TouchID hacks never really worked from fingerprints grabbed from other sources. It was claimed it did but it was not. 3D fabricated fingerprints will not work. See my comments above.

  3. Same person who did the “3D fingerprint” stuff when Touch ID came out, and it doesn’t state if the alert to unlock is enabled or if it prompted for a passcode. Same dubious crap from 2013 just recycled, and building that kind of a mask to begin with takes days and by that time the phone would reset with a passcode anyway. Nonsense.

      1. Living in the UK, I didn’t know of Rodney Dangerfield, but having looked at some of his one-liners, I can see what you mean.

        When I wrote that gag, I was thinking of the style of the British comedian Les Dawson ( who most Americans will never have heard of ). He had a very similar sense of humour, such as “I call my wife ‘Treasure’ … she reminds me of something that’s just been dug up, or “I got home last night, the wife was in the kitchen. I knew she was getting my dinner ready … I could hear the fire extinguisher going.”

  4. This is not unexpected, people for sure will try to get around this sort of security, putting testing to try to break it. There are lots of circumstance in the fictional realm where one or more items like the fingerprint, eye scan, voice print, security card, stool sample etc. are replicated and used to bypass a security system.

    The researchers could have made a comment that national leaders (monarchs, ministers and so on) should not use the system either, after all Apple is a global company.

  5. It would be a lot quicker and far simpler to put a gun against someone’s head and tell them to unlock their iPhone. Would that be considered a security flaw as well?

    1. It’s not truly a cybersecurity firm. It’s a Vietnamese Cellular phone maker who makes and sells an Android phone that uses a fingerprint sensor protected phone called the BPhone. They link to sales pages throughout their supposed hack of FaceID claiming their fingerprint sensor is more secure than Apple’s FaceID. . . and that their clown mask is far better than the professionally made masks down by people who make their living replicating the faces of living people in Hollywood. . . and the reason that Wired Magazine’s attempt failed was “We are Security Experts and know more than anyone else.” That’s a logical fallacy called appeal to authority. . . their own. They then point to the fact they used a “silicone nose” as if that made a difference. Wired made masks from silicone, latex, plastic, paper, and several different materials. All failed.

    1. I agree it’s fake. . . but not that way. If you watch the demo, you see the padlock icon’s bail never opens. Also the iPhone X turns on to the passcode entry screen. According to Bkav, they trained FaceID WITHOUT entering a passcode. That should not be possible. Apple designed it so that if you enter a FaceID (or previously TouchID) you had to enter a fall back passcode so that if either failed to unlock the device, you could still unlock it with your passcode.

      However, when the iPhone X turns on, it opens to the LOCK screen, not the passcode entry screen. . . which you should not see if, as they claimed they had not provisioned, you should not see. It should open to the splash screen.

  6. We’ll soon know if this technique is viable. If the FBI start buying equipment to create 3D masks, then there may be something in it.

    On the other hand, if the backlog of locked iPhones in law enforcement offices keeps increasing, then we can assume that 3D printed masks are as useless as 3D printed fingerprints for unlocking other people’s iPhones in real world circumstances.

    Just because somebody publishes a video of something, it doesn’t mean that what they have demonstrated is something which will work under normal circumstances. If they can demonstrate taking some random person’s iPhone X and unlocking it in this way then there might be cause for concern, but until then it’s just a video which could be rather like a magician’s illusion.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.