APPLE'S FACE ID has been fooled once again using a $200 mask from researchers from Bkav, the same clever folk who fooled the iPhone X's party piece the first time around.
The cybersecurity researchers from Vietnam used a mask constructed from stone paper, as opposed to the plastic material used in the previous mask, and glued 2D images of eyes onto the fake face.
Dubbed the "artificial twin" Bkav noted that the mask is easy enough for anyone to build, as in what could be a mild translation borkage, the "materials and tools are casual for anyone".
Once the mask was set up to match an iPhone X's owner's face, with the strictest security settings, it can apparently quickly trick the $999 iPhone security tech, unlocking the handset immediately.
Ngo Tuan Anh, Bkav's vice president of cybersecurity noted this mask is a significant upgrade on the previous one Bkav developed and stoked the fires of worry around just how secure Apple's facial recognition tech is.
"About two weeks ago, we recommended that only very important people such as national leaders, large corporation leaders, billionaires, etc. should be cautious when using Face ID. However, with this research result, we have to raise the severity level to every casual users: Face ID is not secure enough to be used in business transactions," he said.
This isn't great news for Apple who has been talking up its Face ID tech in support notes: "It's designed to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks."
We contacted Apple for comment, but knowing Cupertino's lot, it may be a while before we get a response.
Now before any iPhone X users start panicking, it's worth noting that criminals using this technique would still need direct access to your phone; they can't simply go around waving masks in the vague hope of unlocking iPhones.
So keeping your iPhone X in a strong grip and not waving it around dodgy areas of town would be a good start to securing against such hacks. And a PIN for authentication won't hurt either. µ
Promises that it wasn't used without permission
Data-sniffing malware could snaffle up one password to rule them all
If you can't beat em, sync em
Fixing the old, creating the new