Vietnamese Security Experts Beat Face ID with New Mask in “Twin Way”


01 ArtificialMask

Vietnamese based security experts from Bkav have successfully beat Apple’s Face ID on iPhone X with their new mask, which unlocks the phone the same way twins do. The experts used a 3D mask made of stone powder, which costs roughly US $200, as well as glued 2D images of the eyes. The eyes are printed infrared images, the same technology that Face ID itself uses to detect facial image.

“These materials and tools are casual for anyone. An iPhone X has its highest security options enabled, then has the owner’s face enrolled to set up Face ID, then is immediately put in front of the mask, iPhone X is unlocked immediately. There is absolutely no learning of Face ID with the new mask in this experiment.”

The experts found out that stone powder can replace paper tape to trick Face ID’ AI at higher scores. Calling their new mask “the artificial twin”, Bkav first predicted the vulnerability in Face ID’s AI when the iPhone X was introduced in September. As soon as the iPhone X became available for sale, they immediately conducted experiments based on previous analysis to confirm the “foreseeable” weakness, and just as predicted, Face ID was defeated by the mask.

On November 15th, Bkav announced the Proof of Concept of this experiment and said that it took around 9-10 hours to trick iPhone X’s AI. Check out the following video to get an idea of how it works:


  • Olivier

    What some people don’t seem to get is that Face ID, just like Siri, learns your face over time. So of course if you just registered your face and then you show a similar face (in this case a mask and photos), you mess with the AI learning system and that’s why it unlocks. It would be way more accurate to have someone use Face ID for a month and then try to fool it again with those type of tweaks.

  • Riley Freeman

    i dont get why these continue to be stories or why people continue to try and beat it. WHO CARES?

    IMEI blacklist, locking the icloud account has still not stopped people from stealing or keeping lost phones. i know if i find a phone, i always return it.
    Anyway, yes it can be beaten, it was never said to be impenetrable so lets move on. These companies that waste so much energy trying to beat it need something to do in their lives

  • Victorious Secret

    Who cares? Thieves and criminals care.

  • Léon

    People from Bkav claim “These materials and tools are casual for anyone” which is obviously false. Does anyone have a 3D printer at home that works with stone powder, no less? How about generating a 3D data of someone’s face? Can anyone casually set up a specialized 3D capturing device or an array of cameras to capture (covertly) person’s face and then put it throug software to create a 3D file? According to their own blogpost: ‘A person can be secretly taken photos of in just a few seconds when entering a room containing a pre-setup system of cameras located at different angles. Then, the photos will be processed by algorithms to make a 3D object’. So, tools and materials casual for everyone? Finally, one has to physically gain access to the persons iPhone and perform all above under 48 hours to avoid being locked out by the iPhone X’s biometric time out limit. Bkav obviously have ulterior motives, taken their primary field of business.

  • Hosaka

    My thoughts exactly. By the time you get the materials, gather 3D data you need, make the mask and then steal the person’s iPhone X, you’ll already be locked out via iCloud/Find My iPhone/IMEI.

    I’d like to know Bkav’s real goals here. Proving that Face ID is flawed is not one of them.

  • Léon

    They are just trying to elevate their own profile on the Apple’s account. This is what they say about themselves: “Bkav Corporation is the leading firm in network security, software, smartphone manufacturing and smarthome“ (that you never heard of). So by claiming they found a cardinal flaw in the world tech giant’s flagship product, they expect that the world will hear about them. They are also making a smartphone, Bphone 2017, and you’ve guessed it, it has a “integrated fingerprint sensor” – so thy have a skin in the game. They try to prove that a fingerprint sensor is inherently safer than Face ID.