Security researchers in Vietnam have managed to hack the Face ID feature on Apple Inc.’s flagship iPhone X using a rubber mask, casting doubt on how the supposedly advanced security technology actually is.

The discovery was made by researchers at BKAV Corp., which after experimentation managed to craft a custom mask that successfully fooled the iPhone X’s security feature and unlocked the phone. Although the materials used in the mask are worth only $150, the process of getting to the point of fooling the phone was more complicated. The researchers had to adjust features on the mask, such as adding shadows to the nose to make it look more realistic, although the mask itself (pictured) only displayed certain facial features.

The researchers also noted that designing a mask to fool Face ID requires an in-depth knowledge of how Apple’s face-scanning software works and what the weak points in the system are. That’s not easily achieved by the average person, but it certainly could be designed by security professionals in both public and private enterprises.

“With Face IDs being beaten by our mask, FBI, CIA, country leaders, leaders of major corporations, etc. are the ones that need to know about the issue, because their devices are worth illegal unlock attempts,” the researchers said in a blog post over the weekend. “Exploitation is difficult for normal users, but simple for professional ones.”

Others are somewhat skeptical about BKAV’s claim. Forbes, among others, pointed out that the proof-of-concept video leaves out the enrollment process for the true face, meaning that the researchers may have enrolled the mask itself. Alternatively, they may have added features from the mask to the scanned face that could have confused Face ID into giving the mask approval.

Skepticism is healthy, however, and it would seem that the company has not released sufficient information that covers every step of the process they used, meaning there’s every reason to question Apple’s claims.

Apple has not commented on the Face ID hacking claim. The potential hacking of Face ID comes less than a week after it was revealed that the iPhone X becomes “unresponsive” in cold weather. Apple at the time promised to release a software fix for what seemed to be a hardware issue, but not much has been heard since that point.

Image: BKAV