JUST A WEEK after the iPhone X was released, Vietnamese hackers security experts have smacked Apple security in the face, having sucker punched its fancy new facial recognition technology, FaceID.
The firm, which is called BKav corporation, has blogged about its efforts, which involve a scary white plastic facemask in place of an actual human face, a 3D printer and about £140 odd quid.
"It is quite hard to make the "correct" mask without certain knowledge of security. We were able to trick Apple's AI, as mentioned in the writing because we understood how their AI worked and how to bypass it," explained the firm in its Q&A style blog on the subject.
"Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it. We were the first in the world to show that face recognition was not an effective security measure for laptops."
The creation of the mask involves a silicon nose that is hand-moulded and some 3D printed extras. BKav reckons it was able to scan a face using smartphone scanning technology and that it only takes a few seconds.
It all sounds simple, but it could be really bad. The lighter side of the security community feels that this is a dark and devious move on behalf of the face crackers and could be being used to sucker people into downloading some hideous piece of malware.
This is not the first time we've seen evidence of attackers targeting security software directly in order to push malware or compromise clients," said Javvad Malik, security advocate at AlienVault.
"It is a reminder that IT security vendors need to pay as much attention to their own security as they do of their customers; if not more so. If compromising security software becomes a common occurrence, it could severely impact the confidence customers have in the entire market".
Of course, the BKAV guy in the video is not wearing a hoodie - the uniform of the hacker, but appearances and people can be deceptive. µ
'Alexa, snoop on the West'
That's providing the chip is legit
Out, foul Speck
Celebrates with a promise of new functionality on the way