Apple’s Face ID Has Been Hacked By A Dirt-Cheap Mask

Apple’s Face ID is mostly being used, at the moment, to add a layer of emoji to karaoke. But it’s also key to a few of Apple’s broader moves in mobile, like Apple Pay. It’s still optional, as a security measure, which is always wise when introducing a new technology. Especially since it took less than a week for a few white hat hackers to crack it open with a $150 mask.

The mask exploits the way Face ID works. Face ID identifies you by laying out a set of dots on your face, creating a sort of topographical map. Everybody has a different map, of course, but there are some regions of our face, like the cheeks, that the dot map will always be fairly uniform. It’s really places with lots of folds, bumps, and other topography, like the nose and around the eyes, that makes your phone secure. That’s how the hack breaches the phone; with a silicon mold of your nose, eyes, and upper lip, the rest can be filled in with white on the facial geometry.

There are, of course, some practical issues. First, it’s pretty tough to get an exact silicon replica of somebody’s facial features, unless you’re Darkman. Second, once you get those, you still need to get your hands on the actual phone. This is more a proof of concept than anything else, and it can easily be thwarted by using a passcode instead, which isn’t perfect but is more secure.

Mostly this should serve as a reminder that even the coolest, most polished of technologies is a work in progress, especially when it’s something we’ve never seen before. This shouldn’t deter you from buying an iPhone X, if you’re excited to get one, although there are other points to consider. But just remember that being a pioneer is never easy, even when the frontier is in your pocket.