Authentication for Apple’s most recent iPhone was recently bypassed by a 10-year-old boy who used Face ID to access his mother’s iPhone X, by a set of twins, by a pair of half-brothers from Britain and even by a 3D-printed mask in Vietnam.
According to Apple’s support page, “the TrueDepth camera captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of your face and also captures an infrared image of your face.“
The TrueDepth camera system that “accurately maps the geometry of your face” is also used to authorize purchases and payments. If a 10-year-old was able to trick it in a split second to read his mom’s messages, emails, and who knows what else, he could also bypass security and make various payments. The story was meticulously analyzed by Wired.
The revolutionary shift from Touch ID to an experimental facial recognition system got Apple fans excited, especially because after you “enroll” your face, Apple claims the technology detects how facial features change with age, hairstyle, makeup, or facial hair. However, Apple admits that, when identical twins or even other family members are concerned, the phone’s owner should also rely on traditional authentication methods.
“The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed. If you’re concerned about this, we recommend using a passcode to authenticate,” says Apple support.
So how did the Vietnamese mask fool the login security system? Made from a mix of plastic, silicone, makeup, and paper, the mask cost merely $150 to make. If Vietnamese researchers from Bkav Corporation took less than a week to hack the “revolutionary authentication methods,” does this mean any hacker with access to a 3D printer could do the same?
If you opt for facial recognition technology, we recommend 2 actions to keep your data safe: enable traditional authentication methods and augment them with a security solution such as Bitdefender Mobile Security for iOS. It provides security and privacy in a single application designed to keep your sensitive data safe against prying eyes by blocking the device remotely in case of loss or theft.
With the help of Bitdefender Mobile Security for iOS, you make sure whatever is stored on your device remains inaccessible to other people. If you’re truly concerned about online privacy with this app you get to discover whether your email accounts have been leaked. Simply validate your e-mail address within the app and Bitdefender Mobile Security for iOS will let you know if it’s time to change passwords.