Researchers presenting at the Black Hat security conference in Las Vegas this week demonstrated a relatively simple way to break into someone’s iPhone Face ID—so long as they’re completely conked out.
On Wednesday, a research team from Tencent showed their biometric bypass technique to conference attendees, according to a report from Threatpost. In order to circumvent Apple’s advanced security protocol, the researchers reportedly only needed glasses with black tape on the lenses and smaller pieces of white tape on the black tape. Apparently, if you put taped glasses on an unconscious person’s face, you can trick Apple Face ID into unlocking the phone.
— 9to5Mac.com (@9to5mac) August 9, 2019
The researchers were trying to hack the system’s “liveness” detection part of the biometric process that distinguishes between “fake” and “real” human characteristics, according to Threatpost. Usually, if someone is unconscious, FaceID will detect that and fail to open, but this technique apparently tricks this attention-awareness feature.
“With the leakage of biometric data and the enhancement of AI fraud ability, liveness detection has become the Achilles’ heel of biometric authentication security as it is to verify if the biometric being captured is an actual measurement from the authorised live person who is present at the time of capture,” the researchers said during the demonstration, reports Threatpost.
The researchers explained that they “found weak points in Face ID” related to detecting glasses. Face ID works differently if it detects glasses. When the system recognises glasses, it apparently doesn’t pull information from the eye region of the face.
The researchers said the point of the demonstration was to show the shortcomings of the liveness detection feature.
We’ve reached out to Apple for comment and will update when we hear back.
In order to break into a person’s phone using this method, a victim would have to be in such a deep sleep that they don’t wake up when someone tries to put glasses on their face. At least it’s slightly more difficult than using a sleeping person’s finger to unlock Touch ID. But hopefully, Apple will tweak Face ID so thieves aren’t able to use pixelated cartoon eyes to crack into people’s iPhones.
Featured image: Alex Cranz (Gizmodo)