Why It's Not a Big Deal That Masks Can Fool Face ID on the iPhone X
Vietnamese cyber security firm Bkav
to have already tricked
How Bkav Beat Face ID
According to Bkav, all you need to make a mask that can trick Face ID is a scan of the person's face and about $150 worth of materials.
The second part is easy. The mask was made using some sculpted silicon, printer plastic, makeup and paper cutouts. Key areas, like the eyes and mouth, were actually recreated with 2D photos pasted onto the 3D surface. The design was based on the discovery that Face ID only scans about half of your face and allegedly doesn't require eye movements to work, making it surprisingly easy to fool.
The first part is a little more complicated, though. Bkav used a handheld scanner that took five minutes to work. So the only way to scans someone's face is to be in the same room, with their participation (either by choice or forced).
Why You Shouldn't Be Worried
The fact that someone would need to be in the same room with you means this Face ID hack isn't much of a threat to most people. Bkav notes that world leaders and CEOs could be at risk from a targeted attack, but for the rest of us, it's not worth worrying about.
Down the line, it's possible you could get the same results by quickly scanning someone's face with a smartphone camera or even using photographs. But again, you don't need to worry about that at the moment.
We also still don't know how legitimate Bkav's claims really are. The company may have purposefully done a poor job setting up Face ID so it was easier to trick, which would discredit the results. Bkav declined to answer a list of questions from Wired , but said it would reveal more at a press conference this week, so we should learn more soon.
Until then, there's no reason to stop using Face ID, unless you simply find it annoying to use.