Friday, February 7, 2025
HomeHacksHow Hackers Cracked into iPhone X Face ID with 3D Printing Mask

How Hackers Cracked into iPhone X Face ID with 3D Printing Mask

Published on

SIEM as a Service

Follow Us on Google News

The iPhone X Face ID which allows you to safely unlock your phone and the same can be used during app purchases also. AI with Face ID automatically adjusts to changes in your appearance in scenarios like wearing cosmetics and facials.

In the launch event, Apple claimed senior Vice President Phil Schiller claimed that Face ID capable of distinguishing human’s real face from masks through its Artificial intelligence.Below are the masks tested by Apple.

It draws an immediate attention among hackers that who is going to fool the iPhone Face ID first, on Friday a Vietnam based security company Bkav released blog and video demonstrating how they have beaten Face ID,

“They (Apple engineering teams) have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID. These are actual masks used by the engineering team to train the neural network to protect against them in Face ID. It’s incredible!”, Phil Schiller said

They fooled the Face ID within a week of the iPhone X release which implies it is not an effective security measure.

Also Read: Hackers Using Legitimate Windows Tools for Hiding Malware and Evade the Detection

How the Hack occurred on iPhone X Face ID

They have created a mask with 3D printing and it with 2D images with some special arguments to fool the AI of Face ID.

Hack costs just 150 USD. they have used 3D printer and the nose part designed by handmade artist, then other parts with @D printing. Again the skin is handmade to trick the Apple’s AI.

It shows the recognition mechanism is not so strict seems to rely too much on Face ID’s AI.To their surprise, they have completed the hack within a half of the face.

Mr. Ngo Tuan Anh, Bkav’s Vice President of Cyber Security, said: “The mask is crafted by combining 3D printing with makeup and 2D images, besides some special processing on the cheeks and around the face, where there are large skin areas, to fool AI of Face ID”.

Before Bkav Wired magazine’s tried similar attempts but it failed, but Bkav researchers who have the deep understanding of Apple’s AI tricks to bypass it.

Potential Targets

Potential targets shall not be regular users, but billionaires, leaders of major corporations, national leaders and agents like FBI need to understand the Face ID’s issue.

Security units’ competitors, commercial rivals of corporations, and even nations might benefit from our PoC.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Dell Update Manager Plugin Flaw Exposes Sensitive Data

Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update...

DeepSeek iOS App Leaks Data to ByteDance Servers Without Encryption

DeepSeek iOS app—a highly popular AI assistant recently crowned as the top iOS app...

Critical Flaws in HPE Aruba ClearPass Expose Systems to Arbitrary Code Execution

Hewlett Packard Enterprise (HPE) has issued a high-priority security bulletin addressing multiple vulnerabilities in...

Splunk Introduces “DECEIVE” an AI-Powered Honeypot to Track Cyber Threats

Splunk has unveiled DECEIVE (DECeption with Evaluative Integrated Validation Engine), an innovative, AI-augmented honeypot that mimics...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New FUD Malware Targets MacOS, Evading Antivirus and Security Tools

A new strain of Fully Undetectable (FUD) macOS malware, dubbed "Tiny FUD," has emerged,...

Google Blocks 2.28 Million Malicious Apps from Play Store in Security Crackdown

In a continued commitment to enhancing user safety and trust, Google has outlined significant...

Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently...