A Vietnamese Security Researcher shows how to hack Apple’s Face ID

A publication on Friday by Bkav, a Vietnamese cybersecurity firm, that it had broken Apple’s Face ID, and A video apparently showing an iPhone being opened when pointed at a mask, was greeted with some skepticism.

 Ngo Tuan Anh, Bkav’s vice president, gave News several demos, first unlocking the phone with his face and then by using the cover. It seemed to work each time.

However, he refused to register a user ID and the mask on the telephone from scratch because, he said, the iPhone and mask need to be fixed at very specific angles, and the mask to be refined, a process he said could take up to nine hours.

Apple declined to state, referring reporters to a page on its website that explains how Face ID works.

That page says the chance of a random person opening another user’s phone with their face was about 1-in-a-million, compared to 1-in-50,000 for the earlier used fingerprint scanner. It also says Face ID allows only five unsuccessful match attempts before a passcode is required.

Anh confirmed that preparing the mask wasn’t easy, but he said he assumed the demonstration showed facial recognition as a way to validate users would be risky for some.

“It’s not easy for regular people to do what we do here, but it’s a concern for people in the security sector and significant people like politicians or heads of corporations,” he said.

“These important people should unquestionably not lend their iPhone X to anyone if they have initiated the Face ID function.”

It’s the first proclaimed case of researchers obviously being able to fool the Face ID software.

Cybersecurity experts said the issue was not so much whether Face ID could be broken, but how much effort a hack required.

“Nothing is 100 percent secure,” wrote Terry Ray, chief technology officer at U.S.-based cybersecurity company Imperva, in a note. “Where there’s a will, there’s a door. The questions are: How much trouble would someone go to, and how significant would they spend, to get your data?”

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil