Security researchers have demonstrated a way to bypass Face ID by using glasses and tape to unlock the iPhone of an “unconscious” victim. The bypass was demonstrated this week at the Black Hat USA conference in Las Vegas.
Threatpost reports researchers from Tencent were able to fool the “liveness” detection in Apple’s biometrics, which is designed to distinguish “real” features from “fake” ones on people.
Researchers say liveness detection detects background noise and response distortion or focus blur, allowing it to ensure that a face is a real face and not a mask. This procedure is used by Apple’s Face ID, and an “Attention Aware” feature ensures your iPhone doesn’t unlock unless you’re actually looking at it.
To trick these safeguards, researchers created prototype glasses with black tape on the lenses and white tape inside the black tape to emulate the look of an eye. By placing the glasses over a sleeping victim’s face, they were able to access his iPhone and even send themselves a payment via a mobile payment app.
The method worked because liveness detection behaves differently when glasses are worn: it does not extract 3D information from the eye area.
They discovered that the abstraction of the eye for liveness detection renders a black area (the eye) with a white point on it (the iris). They also discovered that if a user is wearing glasses, the way that liveness detection scans the eyes changes.
“After our research we found weak points in FaceID… it allows users to unlock while wearing glasses… if you are wearing glasses, it won’t extract 3D information from the eye area when it recognizes the glasses.”
It should be noted that this isn’t really a situation folks should worry about: a real-world security breach like this would require the victim to be sleeping or unconscious, and the attacker would need access to the sleeping victim’s iPhone and the ability to place the glasses over the victim’s eyes without waking the person up. It should also be noted that no secondary research has confirmed the method as yet.
Researchers suggest the loophole can be fixed by biometrics manufacturers adding identity authentication for native cameras and by increasing “the weight of video and audio synthesis detection.”