From 4-digit PIN and patterns to fingerprint scanners and facial recognition, the smartphone security system has come a long was and when Apple introduced the iPhone X's Face ID, the feature was deemed to be the future of smartphone security.
Apple claimed that there's a one in one million chance that a random person's face would fool Face ID and unlock the iPhone X. But we are increasingly seeing videos and reports that suggest that the advanced security feature can be breached by not just your identical twin but by a stranger who looks somewhat similar to you.
Now, researchers at a security firm called Bkav claim to have "thwarted" Face ID by using a specially-built mask. The team did not strive for a life-like mask but built its mask with the aim of tricking the Face ID's depth-mapping technology.
The team has made the face or rather the frame using 3D printing technology and hand-crafted "skin" which covers the areas surrounding the eyes and mouth. The eyes are 2D images while the nose is made out of silicone. The mask actually seems to work, as you can see from the clip below.
The researchers maintain that they didn't have to cheat to make it work. The Face ID in the iPhone X used for the test was set up using a real person's face. They also claim that it cost them roughly $150 in supplies (excluding the 3D printer). However, the demo shows the iPhone unlocking in the first try itself, although it is not clear how many unsuccessful attempts Bkav had before producing a mask that actually worked.
The company says that they started working on the mask on November 5 and completed the project in just 5 days.
But should most iPhone X users be worried?
Not really. The security firm also acknowledges that "normal people" shouldn't be worried about their iPhone X Face ID being compromised by such masks, as the effort it takes to make such masks is simply too much. However, this should concern high-value individuals like politicians and businessmen.
Moreover, the whole experiment was conducted to show that biometric sign-ins are just about convenience and not completely foolproof.