Can Face Recognition Be Fooled on iPhone?

Face recognition is fast becoming popular with retailers as a means of payment and Apple has embraced it in its iPhone X model. Facial recognition is a way to verify a person’s identity from a digital image using facial features that are stored in a database. With phone cameras providing an easy setup for digital face recognition, many iPhone X users are also embracing the technology. Still others are busy trying to hack the system with some claiming success.

The technical name is biometric authentication. Simply put, an iPhone X owner can unlock his phone and make a payment with his face. It’s a somewhat novel idea, but as is predictable, hackers are finding ways to take the fun out of it. When Apple launched the iPhone X, they claimed the security of Face ID was a 1 in 1,000,000 chance of someone hacking your face. Compare that to the claim of 1 in 50,000 chance of having your fingerprint duplicated, a technology Apple has been successfully using since 2013. Even with those odds, security breaches are still possible.

It’s been reported that with just a look, a user’s 10-year-old son was able to unlock her device. Apple admitted there was a chance that a family member with similar facial characteristics could fool Face ID. In another case, a group of Vietnamese hackers bent on discrediting Apple’s Face ID claim they finally hacked the system. The group used a 3-D printed mask with 2-D eyes glued on to unlock the iPhone X. From there they reset the facial recognition to register the face of one hacker and gained access to apps and Apple Pay. The total cost to the hackers was less than $200 for the entire process. Apple insists the hack was unlikely, as they had already used Hollywood studios to test the idea of mask-hacks and were successful.

It’s not the first time researchers and others have tried thwarting biometric security. Several years ago, a group of German hackers claimed to have reproduced the fingerprint of a German official by capturing a photo of the person holding up a hand. They didn’t use fancy 3-D printing technology. They used tracing paper, plastic board, graphite, and wood glue, but were successful. And shortly after the release of the Samsung Galaxy S5, researchers were able to crack the fingerprint sensor using a photo of the print.

For the time being, consider whether or not you want to use these biometric features to pay for products and services. No matter what you choose, you will be giving up some type of data. If you pay by payment card, you provide your card number, name, and other information that can be used to make purchases. The difference is that you can get a new payment card if it’s used for fraud. It’s not so easy to get a new face or fingerprint.

Whether family members or hackers, there’s now a wrinkle to face recognition. Reducing risk for your smartphone is a part of responsible device ownership. What was once a new and uncharted technology eventually becomes the norm. It also gives new opportunities for hackers. Stopping short of literally keeping your device under lock and key, important decisions need to be made. Think about what option works best for you, considering convenience and a level of security or risk you’re okay with. This is especially true when there are children with devices who need to be kept safe from harm. As technology grows, so grows the risk of harm. Keeping smart and informed are the best steps toward keeping safe, no matter what the next new thing may be.