CATEGORIES
home News

Apple iPhone Face ID Security Defeated With Glasses, Tape And An Unconscious Victim

by Shane McGlaunFriday, August 09, 2019, 08:30 AM EDT

There are plenty of vulnerabilities in the biometrics that are commonly used for unlocking devices today, including fingerprint readers and Apple's Face ID. Researchers at the Black Hat USA 2019 conference this week demonstrated a new attack that allowed them to bypass a victim's Face ID and login to the user's phone. However, the method that the hackers had to use is a little disturbing, as they had to use an unconscious victim and place a pair of modified glasses on their face.

blackhat conference

To pull off the hack, the researchers placed tape carefully over the lenses of a pair of glasses and then put the glasses on the victim's face to show how Face ID could be bypassed in this specific scenario. The exploit would be a hard one to pull off in the real world as the hackers would need access to the unconscious or sleeping victim and be able to place the glasses on their face without waking them up.

The researchers who devised the hack are with Tencent, and they exploited a feature of biometrics called "liveness" detection. This is part of the biometric authentication process that sifts through real vs. fake features of people. It works by detecting the background noise, response distortion, or focus blur. Apple's Face ID authentication protocol uses that liveness detection feature.

The researchers say that liveness detection is the "Achilles' Heel" of Apple's Face ID biometric authentication security. The team hoped to bypass biometric security without elaborate hacks simply using the face of the user while they were unconscious. They focused on how liveness detection scans a user's eyes and found that the abstraction of the eye for liveness detection renders a black area, the eye, with a white point on the iris.

When the user is wearing glasses, the way that liveness detection scans the eyes changes, the team says that when users are wearing glasses, Face ID doesn't extract 3D information from the eye area. The team placed black tape on the glasses and put them on the sleeping victim's face to bypass the attention mechanics and unlock the victim's phone. They then transferred money through a mobile payment app. Drawbacks to the hack include that the victim has to be unconscious and can't wake up when the glasses are on their face. In the past, two unrelated Chinese women were able to unlock their iPhone using Face ID.

Tags:  Apple, security, Hack, (NASDAQ:AAPL), iphone x, face id, iphone xs
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment