Thursday, July 18, 2024

How Hackers Cracked into iPhone X Face ID with 3D Printing Mask

Face ID on the iPhone X lets you safely unlock your phone, and it can also be used to authorize app purchases. The AI behind Face ID automatically adjusts to changes in your appearance, such as wearing cosmetics and facials.

At the launch event, Apple Senior Vice President Phil Schiller claimed that Face ID is capable of distinguishing a real human face from masks through its artificial intelligence. Below are the masks tested by Apple.

This drew immediate attention among hackers over who would be the first to fool Face ID. On Friday, the Vietnam-based security company Bkav released a blog post and video demonstrating how they had beaten Face ID.

“They (Apple engineering teams) have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID. These are actual masks used by the engineering team to train the neural network to protect against them in Face ID. It’s incredible!”, Phil Schiller said.

They fooled Face ID within a week of the iPhone X release, which implies that it is not an effective security measure.


How the Hack occurred on iPhone X Face ID

They created a mask with 3D printing and combined it with 2D images and some special processing to fool the AI of Face ID.

The hack costs just 150 USD. They used a 3D printer; the nose was made by a handmade artist, and the other parts were made with 2D printing. The skin was also handmade to trick Apple’s AI.

It shows that the recognition mechanism is not so strict and seems to rely too much on Face ID’s AI. To their surprise, they completed the hack with only half of the face.

Mr. Ngo Tuan Anh, Bkav’s Vice President of Cyber Security, said: “The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID”.

Before Bkav, Wired magazine made a similar attempt, but it failed. Bkav's researchers, however, have a deep understanding of Apple’s AI and of the tricks to bypass it.

Potential Targets

The potential targets are not regular users; rather, billionaires, leaders of major corporations, national leaders and agents such as those of the FBI need to understand the Face ID issue.

Security units’ competitors, commercial rivals of corporations, and even nations might benefit from our PoC.


Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
