Back to Top

Security experts craft a mask that unlocks iPhone X


I've got to admit that I like technology innovations just like the next random person, especially when it comes to inventions that add new features to our smart phones. So, I was pleasantly surprised to learn about Apple's new FaceID system, which has replaced fingerprint-based authentication in their most recent iPhone model. And truth be told, what's not to like about a feature that unlocks your phone when you look at it and can't be fooled by photos or masks?

The only problem is that FaceID can be easily beaten by printing and using a simple 3D mask. Bkav, a security research company, has successfully bypassed Apple's security mechanism by creating a mask that costs under $200. The Vietnamese researchers have built a 3D mask using stone powder, and then they have glued the images of the eyes to it. Sadly, the resulting mask has successfully unlocked the iPhone from the first try.

According to Ngo Tuan Anh, Vice-president of Cyber Security at Bkav, people and especially big companies should never use FaceID for transactions. In fact, Apple itself agreed that if you've got an evil twin, you should also use a password in addition to your face whenever you want to unlock your iPhone. However, this basically renders FaceID useless, right?

biometrics

Some people may argue and say that it's almost impossible to create a 3D mask of a specific person without he or she knowing about it. However, if you took that person to a room that has several hidden cameras, you can then use the taken photos to create a realistic 3D model, and then print a 3D mask.

For now, it is best to stick with fingerprint-based security, provided that your phone supports it. If it doesn't, you should use the strongest lock screen security options you've got at your disposal. I see many people using patterns to protect their devices, for example, but using a pin is a much better idea, even if it's less convenient to use it.

To add an extra layer of security to your phone, you can use an app that will allow you to lock the installed applications as well. Apps such as AppLock for Android help you protect each application individually, hide pictures and videos, encrypt SMS, browse the web without leaving any traces, take photos of people who try to log into your phone without you knowing about it, and much more. If your phone utilizes Apple's operating system, you can use applications such as Vault to hide your photos and videos.

Most of us log into our online accounts once, and then forget to log out. It's true that it is much more convenient to do so, but it will also make a hacker's job much easier, in case that he or she manages to get access to our phone, and then unlock it.

Mobile password managers are really useful when it comes to generating, and then storing your passwords. By using a password manager, you will be able to set up a complex, almost unbreakable password for each one of your accounts, without having to remember it, or worrying that a third-party will get access to it.

It goes without saying that each one of your mobile devices should have an antivirus installed, even if it's a free one. And in case that disaster strikes and your phone gets lost or is stolen, it is encouraging to know that both Android and iOS include official applications that allow you to track the lost or stolen device. Of course, if your device contains confidential information, it's best to set up a remote wiping system, which will wipe out all the data remotely as soon as the device is connected to the Internet.