Security firm Bkav: Face ID not secure enough for business transactions



You might recall that earlier this month, we told you that Vietnamese security firm Bkav had invented a mask that apparently defeated the Apple iPhone X's Face ID. The company has reached out to us this morning to tell us that it has invented a new mask that will allow twins to defeat Apple's facial recognition system. And with that, comes a warning. The security firm recommends that iPhone X users do not use Face ID to verify their identity in financial transactions. That would include not using the facial recognition system with Apple Pay.

As noted earlier this month, Bkav strongly believes that fingerprints are the best biometric protection that iPhone users can employ. That goes against Apple's declaration that there is only a 1 in 1 million chance that Face ID will unlock an iPhone X for the wrong person. At the same time, Apple says that the odds of the fingerprint based Touch ID unlocking an iPhone for a stranger is 1 in 50,000. But Bkav notes that collecting a fingerprint is much harder then taking photographs secretly from a distance, which is one of the requirements necessary to build the mask.

The new mask made by Bkav costs approximately $200 to create. It is made of stone powder and uses 2D images of the eyes glued into place. Bkav researchers say that the 3D mask is easy to make without the iPhone X owner's knowledge.


Bkav has produced a new video which you can view at the top of this story.

source: Bkav

Related phones

iPhone X
  • Display 5.8" 1125 x 2436 pixels
  • Camera 12 MP / 7 MP front
  • Processor Apple A11 Bionic, Hexa-core, 2390 MHz
  • Storage 256 GB
  • Battery 2716 mAh(21h 3G talk time)

FEATURED VIDEO

47 Comments

1. Arch_Fiend

Posts: 3938; Member since: Oct 03, 2015

Touch ID FTW!

19. Phullofphil

Posts: 1740; Member since: Feb 10, 2009

This crap will come out every time a new way to unlock your phone comes out. You can easily trick fingerprints well more so than Face ID. But if you want more security don’t use either. Use a longer password and or don’t use a phone if you have that much top severer stuff on there because sombody can hacke anything that will ever be built.

32. Arch_Fiend

Posts: 3938; Member since: Oct 03, 2015

I am well aware that nothing is truly secure and anything can be hacked given enough time but somethings are more secure than others and touch ID is way more secure than face ID, takes a lot more work to get someone's fingerprints and copy them in the proper way than to take a picture of someone and build a mask or hell simply find there social media page if you have their name and get a picture like that.

24. cncrim

Posts: 1557; Member since: Aug 15, 2011

Well now terrorist will not buy iphone X.

33. Arch_Fiend

Posts: 3938; Member since: Oct 03, 2015

They were never going to buy the iPhone X anyway, terrorist are ironically smart enough to buy cheaper iPhones.

46. trueheart99

Posts: 24; Member since: Oct 05, 2017

Any criminals worth their salt will use feature phones. No bugs, no GPS, no apps, no chat history, no memory to plant virus/eavesdropping software. Don't ask me why I know.

2. g2a5b0e unregistered

I hardly think this is surprising. Considering the fact that there are over 7 billion on the planet & hundreds, if not thousands of people who look a lot like any given individual, a face is just not unique enough of a thing to count on for the security of your personal information.

6. darkkjedii

Posts: 30786; Member since: Feb 05, 2011

Well said g2.

14. Furbal unregistered

I'd imagine a photo and just knowing the persons ethnicity will be enough to get around it. Folks of the same decent have the same basic skull structure. I doubt the IR blaster has enough resolution to catch and subtle differences

22. g2a5b0e unregistered

Photos don't work, but still doesn't make it incredibly secure.

34. Furbal unregistered

You'd use the photo to map over a 3d printed head. Get the skull shape based on the persons ethnicity (which can be found online)

30. MrShazam

Posts: 987; Member since: Jun 22, 2017

A face is secure enough if you use the latest technology, like Widows Hello has been doing since 2015 and has none of the flaws of Face ID: http://mashable.com/2015/08/20/windows-hello-twins/#XnaFtBIWk8q5 This is just apple being a cheap scumbag as usual, selling ancient tech at a premium to those who won't dare to question them.

41. worldpeace

Posts: 3092; Member since: Apr 15, 2016

Right, since Apple itself said "1 in a million chance", and there are 7.6billion human in this planet, roughly 7.600 peoples in this planet can unlock your iPhoneX. And looking for a person that looks like you is easier than looking for a person with similar fingerprint with you :v

47. trueheart99

Posts: 24; Member since: Oct 05, 2017

Yup, you will always know who looks like you but you will never know who has the same fingerprint like yours. (Well duh...)

3. aashis.sapkota

Posts: 85; Member since: Sep 27, 2015

I'm not an Apple fanboy or an iSheep or whatever, but this firm is clearly trying hard to get the limelight.

17. Nathan_ingx

Posts: 4766; Member since: Mar 07, 2012

That's how companies come to limelight, do something others don't.

21. NarutoKage14

Posts: 1297; Member since: Aug 31, 2016

Or Apple overestimates the security of their face unlock tech. Every lock no matter how complex has a key, sometimes a very simple one.

4. buccob

Posts: 2949; Member since: Jun 19, 2012

I think the phone should have both Face recognition and Fingerprint scanner AND the ability to use BOTH at the same time for secure Payments... that would have been exponentially safer

5. darkkjedii

Posts: 30786; Member since: Feb 05, 2011

Here's the skinny Apple. Tons of people look alike, but no one has nearly the same fingerprints, not even identical twins. FaceID is not as secure as an FPS is.

7. darkkjedii

Posts: 30786; Member since: Feb 05, 2011

https://youtu.be/Cb5xy2RNkEc People are returning the X

9. cnour

Posts: 2305; Member since: Sep 11, 2014

Oh my god, Apple is ruining!!!! People!!!! Hahahahaha....

15. Furbal unregistered

Ambitious step, but full of problems (good phone still though). They rushed the software and doesnt seem like they did any freaking user usage studies on gestures. The fastest way to get around the OS isnt even listed in the manual or any guide, its on reddit and youtube.

29. darkkjedii

Posts: 30786; Member since: Feb 05, 2011

Very good phone, but going from a Note 8 to an iPhone X (in my experience), was like going from a Mercedes Benz S550, to a base model Toyota Camry. The drop off in screen size, features, versatility, customization, and battery life was just too much. For the week I had it, I didn't touch my Note 8, other than to charge it, and although I thought the X was nice (I like quite a bit about it), it drove me crazy not having the things I've come to depend on in my Note 8. I now realize, an iPhone can not, and will no longer be my daily driver without a massive software UI overhaul and upgrade. I just can't do one anymore, as far as my go to device. The Note 8 has everything, and more covered. I'm the type that does not listen to reviewers or count on links, I have to try it out myself. I did, and I promptly returned it. 8.2 outta 10.

35. Furbal unregistered

My mate 10 gets here tomorrow to give it a try, 8 plus going on the desk for when I want to play with ios for some reason. Android is just objectively more powerful software wise, actual competition between android manufacturers is a great thing. They all have to try new things to stay alive, eventually a great feature is implemented and copied by others. Apple is winning the margins race, but that helps shareholders, not consumers as a whole.

36. darkkjedii

Posts: 30786; Member since: Feb 05, 2011

Very well said post. 100% agreed.

8. cnour

Posts: 2305; Member since: Sep 11, 2014

We all remember this video: https://youtu.be/2u4ZLGsw1zo But all the others followed Apple with TouchID. They will do the same with FaceID IF they will succeed in imitating Apple.

12. tedkord

Posts: 17093; Member since: Jun 17, 2009

You mean they followed Motorola, the same company Apple followed with Touch ID. Considering that FaceID has been a flop that failed on its reveal, has been tricked by twins masks and children, I doubt anyone is rushing to adopt it.

18. Phullofphil

Posts: 1740; Member since: Feb 10, 2009

They never invented any thing they perfected it more.

25. tedkord

Posts: 17093; Member since: Jun 17, 2009

Then cried about others doing the same, and sued. That's the difference. Further, with the fingerprint sensor, they simply bought the company that Samsung and Motorola developed the FPS with, so claims of copying are bunk

27. cnour

Posts: 2305; Member since: Sep 11, 2014

Old arguments to explain the failure of the others.....try to find a new one.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.