This isn't great news for Apple who has been talking up its Face ID tech in support notes: "It's created to protect against spoofing by masks or other techniques through the use of sophisticated anti-spoofing neural networks".
The researchers also posted another video demonstrating the second hack and used their findings to reiterate that Face ID perhaps isn't as secure as Apple has claimed. This is because Face ID mistakenly recognizes the infrared images as real eyes.
So the basic intention of making the videos is to seek the attention of the Apple fans and convince them what they can do with Face ID, and believe in Apple's idea of ditching the Touch ID. The experts used a 3D mask made of stone powder, which costs roughly United States $200, as well as glued 2D images of the eyes. The IR images of eyes are able to fool the iPhone X into thinking the mask is a real person looking at the device. If Face ID detects that you aren't the owner, or you are not paying attention to the iPhone, it will not show the notifications.
Both of those features are meant to add an extra layer of security to Face ID by forcing the user to look at the iPhone to unlock. Here, Bkav is employing the theory of how twins unlocked the iPhone X.
"About 2 weeks ago, we recommended that only very important people such as national leaders, large corporation leaders, billionaires, etc. should be cautious when using Face ID".
Since the unlocking could be performed so easily this time, Bkav has raised its warning level, suggesting that even ordinary business users should avoid using Face ID as a legitimate security feature. As you can see in the clip, the researcher removes his profile from Face ID, re-enrolls his face, then unlocks the phone by aiming its front-facing sensors at the mask.
This is not the first time Face ID has been fooled.