When Apple announced it was getting rid of Touch ID for facial recognition, the company said it was a more secure option with only a one in 1,000,000 chance of being hacked.
“If you happen to have an evil twin, you need to protect your data with a passcode,” marketing vice president Phil Schiller joked during Apple’s iPhone X announcement.
Well, it turns out you don’t need an evil twin because Apple’s Face ID can be hacked using a mask, according to IT security researchers at Bkav.
The researchers didn’t use any special software or hacks to bypass Face ID, instead using a 3D printed frame, makeup, a silicone nose and 2D images, along with special processing on the cheeks and around the face where there are large areas of skin.
The security experts said they were able to bypass the system because they had understood how Apple’s artificial intelligence worked.
“Everything went much more easily than you expect. You can try it out with your own iPhone X, the phone shall recognise you even when you cover a half of your face,” the hackers explained.
“It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID’s AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought.”
The researchers claim the entire mask used to trick Face ID cost less than $A200 to create.
“We used a popular 3D printer. Nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition 9 years ago). The skin was also handmade to trick Apple’s AI,” they wrote.
In closing, the security experts had a scary warning for owners of the iPhone X.
“After nearly 10 years of development, face recognition is not mature enough to guarantee security for computers and smartphones,” they wrote.
“As for biometric security, fingerprint is the best.”
This story originally appeared in news.com.au.